https://bugs.kde.org/show_bug.cgi?id=485051
Ivan Čukić <ivan.cu...@kde.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INTENTIONAL Status|REPORTED |RESOLVED --- Comment #1 from Ivan Čukić <ivan.cu...@kde.org> --- The issues with encfs are important for the user to know about, and for that reason Vaults shows the information about the issues. The problems the audit pointed out relate to using encfs in a situation where the encrypted data is synced to a remote data storage that the attacker has access to. If encfs is used locally only, the encryption it has is good enough. Apart from the message about the security of encfs, an additional deterrent of using it with online syncing is that you can not choose the location of the encrypted data storage when using encfs as the backend. After the recent news with xz, I'm starting to think that the fact we don't have a new version of encfs is a good thing - we have a version that has been audited and for which we know the faults and when it should and shouldn't be used. For the things that have active development, an audit (if they have been audited at all) quickly becomes obsolete and new patches might worsen the security. :) -- You are receiving this mail because: You are watching all bug changes.