Bug#536888: ITP: tlock -- Terminal locker
Hi! On Tue, 2009-07-14 at 15:28:53 +0200, Cyril Brulebois wrote: > Ryan Kavanagh (14/07/2009): > > This package will also provide the library packages librpass0 and > > librpass0-dev, > > with long description: > > > > Static library installed with tlock, it provides a function readpass() that > > reads in a password string from standard input of process and returns it > > back, > > AS IS, to the calling application. While fetching password from standard > > input, readpass first turns off the echo of input characters and the > > generation of signals through keystrokes, reads in the password, turns the > > character echo and signal generation back on, and returns to the calling > > application a character pointer pointing at the password string. > > Do we really need this standalone library?! And please, pretty please, > stop putting the SONAME in the -dev package name when it isn't needed. > (Also, the first word of the description for this dynamic library is > “static”?) It seems that tlock does not memset the clear text passwords after use, it does not mlock them either (although to be fair, really few programs handling passwords seem to be doing so), and reimplements strcmp for no apparent reason. Also why do we need tlock when we have vlock and away? regards, guillem -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#536888: ITP: tlock -- Terminal locker
Hi Nico, On Tue, Jul 14, 2009 at 04:01:55PM +0200, Nico Golde wrote: > Hi, > > Simple console based application, which can be used to lock the terminal > > with a > > password string supplied by user from standard input, or with her login > > password as needed. By default tlock prompts the user for a password and > > then > > locks the terminal until the same password is supplied again. When invoked > > with > > -s flag, tlock locks the terminal with the user's login password. > [...] > Why is that more useful or different than vlock? It is different from vlock because the user can set a password different than their system password if they feel so inclined. A possible use case I can think of is Bob is leaving the desktop he's working on, but knows that Alice, his parter for the project XYZ will be around in a few minutes. He locks it using the password 'SomethingOtherThanTheUserPassword' because he doesn't want Alice to know his system password, but trusts her enough to continue working on the project without him around. He crosses Alice in the hallway on his way out and gives her the temporary password. She can thus continue working on the project without having to use his system password. Cheers, -- |_)|_/ Ryan Kavanagh | Gnupg key | \| \ http://blog.ryanak.ca/| E95EDDC9 signature.asc Description: Digital signature
Bug#536888: ITP: tlock -- Terminal locker
Hi, * Ryan Kavanagh [2009-07-14 15:07]: > Package: wnpp > Severity: wishlist > Owner: Ryan Kavanagh > > > * Package name: tlock > Version : 1.4 > Upstream Author : Prasad Pandit > * URL : http://pjp.dgplug.org/tools/ > * License : GPLv2+ > Programming Lang: C > Description : Terminal locker > > Simple console based application, which can be used to lock the terminal > with a > password string supplied by user from standard input, or with her login > password as needed. By default tlock prompts the user for a password and then > locks the terminal until the same password is supplied again. When invoked > with > -s flag, tlock locks the terminal with the user's login password. [...] Why is that more useful or different than vlock? Cheers Nico -- Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0xA0A0 For security reasons, all text in this mail is double-rot13 encrypted. pgpfcsTHPUKD0.pgp Description: PGP signature
Bug#536888: ITP: tlock -- Terminal locker
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ryan Kavanagh (14/07/2009): > This package will also provide the library packages librpass0 and > librpass0-dev, > with long description: > > Static library installed with tlock, it provides a function readpass() that > reads in a password string from standard input of process and returns it > back, > AS IS, to the calling application. While fetching password from standard > input, readpass first turns off the echo of input characters and the > generation of signals through keystrokes, reads in the password, turns the > character echo and signal generation back on, and returns to the calling > application a character pointer pointing at the password string. Do we really need this standalone library?! And please, pretty please, stop putting the SONAME in the -dev package name when it isn't needed. (Also, the first word of the description for this dynamic library is “static”?) Mraw, KiBi. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpciBIACgkQeGfVPHR5Nd1zYgCgi03WEmF9a38XSRhHorE8SWHP eQsAn0qnwB4i8HJl5VkB1F6F6qu5gqhx =C7x4 -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#536888: ITP: tlock -- Terminal locker
Package: wnpp Severity: wishlist Owner: Ryan Kavanagh * Package name: tlock Version : 1.4 Upstream Author : Prasad Pandit * URL : http://pjp.dgplug.org/tools/ * License : GPLv2+ Programming Lang: C Description : Terminal locker Simple console based application, which can be used to lock the terminal with a password string supplied by user from standard input, or with her login password as needed. By default tlock prompts the user for a password and then locks the terminal until the same password is supplied again. When invoked with -s flag, tlock locks the terminal with the user's login password. This package will also provide the library packages librpass0 and librpass0-dev, with long description: Static library installed with tlock, it provides a function readpass() that reads in a password string from standard input of process and returns it back, AS IS, to the calling application. While fetching password from standard input, readpass first turns off the echo of input characters and the generation of signals through keystrokes, reads in the password, turns the character echo and signal generation back on, and returns to the calling application a character pointer pointing at the password string. -- |_)|_/ Ryan Kavanagh | Gnupg key | \| \ http://blog.ryanak.ca/| E95EDDC9 signature.asc Description: Digital signature
