Alright, here is the patch I came up with (also sent upstream). It seems to work in that new passwords are stored as md5 and existing plaintext ones are converted, and tracks are successfully sent to last.fm.
Daniel, you seem to have some experience in this area, any hints for a first time contributor? Should I attempt to get a PPA up to ease testing? Or what is the next step? ** Attachment added: "rhythmbox-md5passwd-2.patch" http://launchpadlibrarian.net/18042379/rhythmbox-md5passwd-2.patch ** Changed in: rhythmbox (Ubuntu) Status: In Progress => Confirmed ** Summary changed: - audioscrobbler password saved configuration file + audioscrobbler password saved as plaintext in gconf ** Description changed: When saving a password for audioscrobbler, it is saved in .gconf unencoded. It appears in /home/kevinly/.gconf/apps/rhythmbox/audioscrobbler/%gconf.xml I realize that you should use different password for different websites, but some may inadvertantly set the user's (and thus su) password for their audioscrobbler password. + + A better option would be to store the md5 of the password instead since + that is all last.fm requires for authorization. An optimal solution may + be to use gnome-keyring instead of gconf. -- audioscrobbler password saved as plaintext in gconf https://bugs.launchpad.net/bugs/42686 You received this bug notification because you are a member of Ubuntu Desktop Bugs, which is subscribed to rhythmbox in ubuntu. -- desktop-bugs mailing list desktop-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
