Shotwell has already switched (in the recent 0.13.0 release) to using
OAuth for Picasa authentication. See
http://redmine.yorba.org/issues/3445#note-8
So I'm marking this bug fixed.
** Changed in: shotwell (Ubuntu)
Status: Triaged = Fix Released
--
You received this bug notification
ClientLogin is old technology. It doesn;t provides the secure handshake
as today. I agree Shotwell should switch to switch to OAuth/OpenID.
OAuth/OpenID may make your online experience simpler by providing the
necessary info to the servers instead of signing up an extra account for
the site.
That said, there's no indication that ClientLogin is any less secure
than OAuth. ClientLogin is just old.
False. The whole point of OAuth is that users don't have to trust random
software. I'm new to Shotwell, and it's asking me for my gmail password.
How do I know (how could I ever know outside
Good point. (On the other hand, it could be said that you have to
completely trust *any* software that you run on your local machine, at
least with today's operating system architectures. Even if Shotwell
doesn't ask for your password directly, if the software is malicious it
could install a
As the upstream dev who wrote Shotwell's Picasa Connector, I can clarify
one or two things here. What we're really talking about here are two
separate issues:
Issue 1: does Shotwell store any user credentials locally that might
present a security risk?
Issue 2: should Shotwell use OAuth
shotwell uses the password to get a sessionkey, the password is not
stored.. Only the session-id is stored in gconf / dconf
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/782690
Title:
Picasa upload
** Changed in: shotwell (Ubuntu)
Importance: Undecided = High
** Changed in: shotwell (Ubuntu)
Status: New = Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/782690
Title:
Picasa
This is a known issue. The move to OAuth/OpenID is ticketed as an
enhancement upstream here: http://trac.yorba.org/ticket/3445
** Bug watch added: trac.yorba.org/ #3445
http://trac.yorba.org/ticket/3445
** Also affects: shotwell via
http://trac.yorba.org/ticket/3445
Importance: Unknown
** Changed in: shotwell
Status: Unknown = New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/782690
Title:
Picasa upload not secure: asks for Google Password
--
ubuntu-bugs mailing list