Package: otpclient
Version: 4.0.2-1
Severity: normal

Recently, otpclient started complaining to me about the memory limits.

if `~/.config/otpclient.cfg` does not contain:

```
show_memlock_warning=false
```

then i get a modal dialog when starting it up that says:

```
Warning: memlock value too low
------------------------------

Your operating system's memlock limit (8388608 bytes) may be too low.
This could cause the program to crash or, worse, use insecure
memory. Please review the [secure memory wiki
page](https://github.com/paolostivanin/OTPClient/wiki/Secure-Memory-Limitations)
before using this software with the current settings.

[ ] I confirm that I want to use the current, possibly too low, memlock
    value. Do not show this warning again.

[ Exit ] [ OK ]
```


Indeed, the limit for my user account is 8MiB:

```
0 dkg@bob:~$ ulimit -a | grep locked
max locked memory           (kbytes, -l) 8192
0 dkg@bob:~$
```

I have not changed this recently, so I don't know why the warning would
start showing up now.

If an upgrade of some other part of the system might have changed this
default, feel free to reassign this bug report to the other package and
note that it affects otpclient.


Overall, I think warnings like this are harmful if they're not obviously
actionable -- they tell the user that maybe something scary is
happening, but not really what they should do about it.

Also, it's unclear to me why otpclient would need to lock up more than
8MiB of RAM; and it's not even clear to me what defense memory locking
provides in 2025 -- for example, when running within a VM I think the
hypervisor can still have access to even locked memory.

Can we make this friendlier/less scary/more fixable for users?

    --dkg


-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.12-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages otpclient depends on:
ii  libc6                2.40-7
ii  libcotp3             3.1.0-1
ii  libgcrypt20          1.11.0-7
ii  libgdk-pixbuf-2.0-0  2.42.12+dfsg-2
ii  libglib2.0-0t64      2.83.3-2
ii  libgtk-3-0t64        3.24.48-4
ii  libjansson4          2.14-2+b3
ii  libpng16-16t64       1.6.46-4
ii  libprotobuf-c1       1.5.1-1
ii  libqrencode4         4.1.1-2
ii  libsecret-1-0        0.21.6-3
ii  libuuid1             2.40.4-4
ii  libzbar0t64          0.23.93-7

otpclient recommends no packages.

Versions of packages otpclient suggests:
ii  otpclient-cli  4.0.2-1

-- no debconf information

Attachment: signature.asc
Description: PGP signature
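The report above shows the limit only through `ulimit -l`. The following program is an added example (not OTPClient's code, and not part of the bug report) that does what the warning dialog alludes to: it reads the soft `RLIMIT_MEMLOCK` with `getrlimit()`, predicts from that limit whether a given number of bytes can be locked, and then actually tries `mlock()` on freshly allocated buffers of 64 KiB, the reporter's 8 MiB, and 16 MiB so that the prediction can be compared with the kernel's real answer. The function names (`memlock_limit_bytes`, `memlock_fits`, `try_mlock`) and the test sizes are this example's own choices. What `mlock()` buys is narrow: locked pages are not written to swap, so a secret does not end up on disk. It does not hide the pages from the hypervisor, from root, or from anything else that can read the process's memory, and it does not by itself keep them out of a core dump.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/resource.h>
#include <unistd.h>

/* Report the soft RLIMIT_MEMLOCK in bytes (RLIM_INFINITY is passed through).
 * Returns 0 on success, -1 if getrlimit() fails. */
int memlock_limit_bytes(rlim_t *out)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_MEMLOCK, &rl) != 0)
        return -1;
    *out = rl.rlim_cur;
    return 0;
}

/* Pure check: would `needed` bytes of locked memory fit under `limit`?
 * The kernel accounts locked memory in whole pages, so round up first.
 * This mirrors the kind of comparison behind a "memlock too low" warning;
 * it assumes nothing else in the process is locked yet (hypothetical
 * helper written for this example). */
int memlock_fits(rlim_t limit, size_t needed, long page_size)
{
    if (limit == RLIM_INFINITY)
        return 1;
    uint64_t ps = (uint64_t)page_size;
    uint64_t pages = ((uint64_t)needed + ps - 1) / ps;
    return pages * ps <= (uint64_t)limit;
}

/* Wipe through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(void *p, size_t len)
{
    volatile unsigned char *vp = p;
    while (len--)
        *vp++ = 0;
}

/* Actually try to lock `len` bytes of freshly allocated, page-aligned memory.
 * Returns 0 on success, otherwise the errno from mlock(): ENOMEM when the
 * request would exceed the RLIMIT_MEMLOCK soft limit, EPERM when the limit
 * is 0 and the caller lacks CAP_IPC_LOCK. */
int try_mlock(size_t len)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    len = (len + page - 1) / page * page;   /* aligned_alloc wants a multiple of the alignment */
    unsigned char *buf = aligned_alloc(page, len);
    if (buf == NULL)
        return errno ? errno : ENOMEM;
    int rc = 0;
    if (mlock(buf, len) != 0) {
        rc = errno;
    } else {
        memset(buf, 0xA5, len);   /* stand-in for a secret living in the locked buffer */
        secure_wipe(buf, len);    /* wipe while still locked, before the pages can be swapped */
        munlock(buf, len);
    }
    free(buf);
    return rc;
}

int main(void)
{
    rlim_t lim;
    long page = sysconf(_SC_PAGESIZE);
    if (memlock_limit_bytes(&lim) != 0) {
        perror("getrlimit(RLIMIT_MEMLOCK)");
        return 1;
    }
    if (lim == RLIM_INFINITY)
        printf("RLIMIT_MEMLOCK soft limit: unlimited\n");
    else
        printf("RLIMIT_MEMLOCK soft limit: %llu bytes (%llu KiB)\n",
               (unsigned long long)lim, (unsigned long long)lim / 1024);

    /* 64 KiB (the old kernel default), the reporter's 8 MiB, and twice that. */
    size_t sizes[] = { 64u * 1024, 8u * 1024 * 1024, 16u * 1024 * 1024 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        int rc = try_mlock(sizes[i]);
        printf("mlock(%zu bytes): %-28s predicted: %s\n", sizes[i],
               rc == 0 ? "ok" : strerror(rc),
               memlock_fits(lim, sizes[i], page) ? "fits" : "exceeds limit");
    }
    return 0;
}
```

With the reporter's 8192 KiB limit, the 16 MiB attempt fails with ENOMEM while the other two succeed, which is the concrete situation the dialog is warning about. The actionable fixes the dialog does not spell out are the usual ones for a resource limit: `ulimit -l <kbytes>` in the launching shell (only up to the hard limit), a `memlock` line for the user in `/etc/security/limits.conf` (applied by pam_limits at login), or `LimitMEMLOCK=` in a systemd unit or `DefaultLimitMEMLOCK=` in `system.conf`/`user.conf` for sessions started by systemd.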