OpenQA (was: Re: Bug#1020417: plasma-vault: encfs security warning during Debian-Installer when KDE desktop selected)
Hi again, BTW I should probably mention that I noticed this problem because it required a work-around when testing KDE with openQA, since it causes an extra prompt making the previous version of the test fail. I know others noticed it too, but it's nice that openQA highlighted the problem (and also that it maked it easy for me to provide a screenshot). The KDE related tests currently being run are: 1) Installing KDE systems using d-i (tests both a BIOS and UEFI boot): https://openqa.debian.net/tests/80159 https://openqa.debian.net/tests/80178 (where one can see the encfs warning, tagged as a soft-failure) 2) Runs a load of KDE apps to the point of seeing their first screen come up: https://openqa.debian.net/tests/80179 (this test was actually put together by Fedora, and there are other KDE tests we could probably borrow quite easily) So, if you have ideas for tests, especially of things that you suspect might actually go wrong in future, please say and I'll be happy to knock up a test and/or show you how to make your own. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Bug#1020417: plasma-vault: encfs security warning during Debian-Installer when KDE desktop selected
Le dimanche 2 octobre 2022, 16:59:13 CEST Aurélien COUDERC a écrit : > > Le 2 octobre 2022 15:20:45 GMT+02:00, Philip Hands a écrit : > >Hi, > > Dear Phil, > > >[Please CC me if you want me to see your replies] > > > >I'd imagine you all saw this bug go past, so I was wondering if the lack > >of reaction is due to it seeming to be Somebody Else's Problem. > > Not at all. > > I have 5.26 in the works with the fix for this bug and thought it could wait > until then but it's taking more time than I had anticipated. > > Sune committed the fix to Salsa on top of 5.25.5 today and I'll upload it > later today if no one beats me at it. Voilà, the fix is uploaded. (btw, we use pkg-kde-talk@alioth for packaging discussions, debian-kde@l.d.o is for users) Happy hacking, -- Aurélien
Re: Bug#1020417: plasma-vault: encfs security warning during Debian-Installer when KDE desktop selected
Aurélien COUDERC writes: > Le 2 octobre 2022 15:20:45 GMT+02:00, Philip Hands a écrit : >>Hi, > > Dear Phil, > >>[Please CC me if you want me to see your replies] >> >>I'd imagine you all saw this bug go past, so I was wondering if the lack >>of reaction is due to it seeming to be Somebody Else's Problem. > > Not at all. > > I have 5.26 in the works with the fix for this bug and thought it could wait > until then but it's taking more time than I had anticipated. > > Sune committed the fix to Salsa on top of 5.25.5 today and I'll upload it > later today if no one beats me at it. That's great :-) Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Re: Bug#1020417: plasma-vault: encfs security warning during Debian-Installer when KDE desktop selected
wow, nice stuff ahead! Op zo 2 okt. 2022 17:15 schreef Aurélien COUDERC : > > > Le 2 octobre 2022 15:20:45 GMT+02:00, Philip Hands a > écrit : > >Hi, > > Dear Phil, > > >[Please CC me if you want me to see your replies] > > > >I'd imagine you all saw this bug go past, so I was wondering if the lack > >of reaction is due to it seeming to be Somebody Else's Problem. > > Not at all. > > I have 5.26 in the works with the fix for this bug and thought it could > wait until then but it's taking more time than I had anticipated. > > Sune committed the fix to Salsa on top of 5.25.5 today and I'll upload it > later today if no one beats me at it. > > > Happy hacking, > -- > Aurélien > >
Re: Bug#1020417: plasma-vault: encfs security warning during Debian-Installer when KDE desktop selected
Le 2 octobre 2022 15:20:45 GMT+02:00, Philip Hands a écrit : >Hi, Dear Phil, >[Please CC me if you want me to see your replies] > >I'd imagine you all saw this bug go past, so I was wondering if the lack >of reaction is due to it seeming to be Somebody Else's Problem. Not at all. I have 5.26 in the works with the fix for this bug and thought it could wait until then but it's taking more time than I had anticipated. Sune committed the fix to Salsa on top of 5.25.5 today and I'll upload it later today if no one beats me at it. Happy hacking, -- Aurélien
Bug#1020417: plasma-vault: encfs security warning during Debian-Installer when KDE desktop selected
Hi, [Please CC me if you want me to see your replies] I'd imagine you all saw this bug go past, so I was wondering if the lack of reaction is due to it seeming to be Somebody Else's Problem. If so, I think it's pretty clear that there's an RC bug in there somewhere -- I didn't set the severity to critical myself because I think someone from the KDE team should decide what needs to be done, and apply the appropriate severity on whichever package really needs fixing. In case you're wondering how an install-time warning might count as RC, please consider that the result of this is that someone deciding to install Debian (perhaps for the first time) and selecting KDE as their DE currently gets presented with what amounts to a declaration that Debian is insecure by default -- there's a screenshot in the bug: https://bugs.debian.org/1020417 Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Bug#1020417: plasma-vault: encfs security warning during Debian-Installer when KDE desktop selected
Package: plasma-vault Version: 5.25.4-1 Severity: normal Attached is a screenshot from installing Debian with KDE selected as the Desktop Environment. As you can see, it's giving a scarry looking security warning, which is probably not the first impression we want to present. My asumption is that when selecting KDE, one pulls in plasma-vault, which in turn depends upon encfs, which results in this message being presented to the user. Is encfs essential to the operation of plasma-vault? If not, perhaps it could be dropped from a recommends to a suggests? BTW You can see a test install of KDE here, with the warning: https://openqa.debian.net/tests/77193#step/grub/3 Cheers, Phil.