¡Hola Rahul! El 2014-10-23 a las 05:09 +0530, Rahul Amaram escribió: > Totally understand and appreciate this. I didn't think that a package in > Ubuntu > mainstream would need so much review.
Yeah, well, it happens, we are more picky/we aim to have higher quality software (I guess a bit of both). > Agreed. But it would be great if we can have this in Debian Jessie. Is it > still > possible? I don't know, a new package needs to pass the new queue, which usualy takes some time to graduate from. And then it's 10 days to pass from unstable to jessie, so, most probably, no. But I guess we can push the backport package once jessie is released. > In the code I don't see any obvious errors, but I'm not an expert in pam > modules, some comments though: > In kwallet_hash, after the call to error = gcry_kdf_derive(..) it's not > checking in error returned something. > In prompt_for_password, the memset in the lines: > struct pam_response *response = NULL; > memset (&response, 0, sizeof(response)); > is redundant. > I have not reviewed the upstream code (not sure if I'll be able to understand > it also). Also, I prefer to leave upstream code unchanged unless it breaks > something or has some security or performance issues. It's always a good idea to try to understand some of it. I'm not sure about the socket file in /tmp. The file name is predictable and it's even logged before use... oh, it's never used, mmh. > You can get the source at https://github.com/amaramrahul/pam-kwallet Ok. -- "Don't let what you cannot do interfere with what you can do." -- Wooden's Rule Saludos /\/\ /\ >< `/
Description: Digital signature