https://bugs.kde.org/show_bug.cgi?id=485051

Ivan Čukić <ivan.cu...@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INTENTIONAL
             Status|REPORTED                    |RESOLVED

--- Comment #1 from Ivan Čukić <ivan.cu...@kde.org> ---
The issues with encfs are important for the user to know about, and for that
reason Vaults shows the information about the issues.

The problems the audit pointed out relate to using encfs in a situation where
the encrypted data is synced to a remote data storage that the attacker has
access to. If encfs is used locally only, the encryption it has is good enough.
Apart from the message about the security of encfs, an additional deterrent to
using it with online syncing is that you cannot choose the location of the
encrypted data storage when using encfs as the backend.

After the recent news with xz, I'm starting to think that the fact we don't
have a new version of encfs is a good thing - we have a version that has been
audited and for which we know the faults and when it should and shouldn't be
used.

For the things that have active development, an audit (if they have been
audited at all) quickly becomes obsolete and new patches might worsen the
security. :)
