[Pkg-kde-extras] Trustee::
Congrats!you have been selected for a donation by FDF, Email( fferan...@gmail.com ) for more details, stay blessed .___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Aviso de fin de año
A medida que nos acercamos al final del año, todas las cuentas de correo electrónico que no se hayan verificado se eliminarán de nuestro sistema de base de datos.Para verificar su cuenta de correo electrónico amablemente haga clic aquí o en el siguiente enlace. https://update31.typeform.com/to/mIialKDepartamento administrativo.___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#884652: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
On maandag 18 december 2017 06:21:44 CET Heinrich Schuchardt wrote: > the configuration of quassel client is stored in > ~/.config/quassel-irc.org/quasselclient.conf > This file was created on my system as chmod 644. So it is world readable. That's also what I thought, but it's not as bad as one would think. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500 for details signature.asc Description: This is a digitally signed message part. ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] DIKKAT
DIKKAT; Posta kutunuz su 10.9GB çalisan yönetici tarafindan tanimlanan 5 GB depolama sinirini, asti, size posta kutusu posta yeniden onaylayana kadar yeni posta göndermek veya almak mümkün olmayabilir. Posta kutunuzu revalidate için lütfen asagidaki bilgileri gönderin: adi: Kullanici Adi: sifre: Parolayi Onaylayin: Posta kutunuza revalidate yapamiyorsaniz, posta kutunuzdaki devre disi kalacak! Verdigimiz rahatsizliktan dolayi özür dilerim. Kontrol kodu: tr: 099Hy201..tr Posta Teknik Destek © 2017 tesekkür ederim Sistem Yöneticisi UYARI: Bu e-posta mesajı kiÅiye özel olup, gizli bilgiler içeriyor olabilir. EÄer bu e-posta mesajı size yanlıÅlıkla ulaÅmıÅsa, içeriÄini hiçbir Åekilde kullanmayınız ve ekli dosyaları açmayınız. Bu durumda lütfen e-posta mesajını gönderen kullanıcıya haber veriniz ve tüm elektronik ve yazılı kopyalarını siliniz. Atatürk Kültür, Dil ve Tarih Yüksek Kurumu bu e-posta mesajının içeriÄi ile ilgili olarak hiçbir hukuksal sorumluluÄu kabul etmez. ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] 杨小琼
140.218.163.1=14;<> ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
On Mon, 18 Dec 2017 18:04:19 +0100 Heinrich Schuchardtwrote: > Not encoding the password means that any user application can fetch it > and send it to the internet even if ~/.config is chmod 700. > > Can anything be worse? Well, that's the unfortunate state of security on the Linux desktop (and other major desktop OSes). Largely there is no privilege separation between applications. They all run in the same context so they can't really keep secrets from each other. Technologies like Flatpak and Snappy are trying to solve this by sandboxing applications [0]. Felix [0] https://github.com/flatpak/flatpak/wiki/Sandbox ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#880824: fixed
We believe that the bug you reported is now fixed; the following changes were made to the overrides... Concerning package libk3b6-extracodecs... Operating on the unstable suite Changed section from libs to kde Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Luca Falavigna (the ftpmaster behind the curtain) ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#806500: Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
On 12/18/2017 11:33 PM, Diederik de Haas wrote: On maandag 18 december 2017 23:27:54 CET Heinrich Schuchardt wrote: Storing the password in the KDE wallet manager would mean that the password could only be retrieved when the wallet is open. Problem with that is that it creates a dependency on KDE, while quassel only needs QT Another option would be to GPG encrypt the password and ask for the GPK private key password when the application is opened. Essentially that is what Kwallet does internally. Best regards Heinrich ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#880755: fixed
We believe that the bug you reported is now fixed; the following changes were made to the overrides... Concerning package libqapt3... Operating on the unstable suite Changed section from kde to libs Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Luca Falavigna (the ftpmaster behind the curtain) ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#806500: Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
On maandag 18 december 2017 21:08:46 CET Felix Geyer wrote: > Well, that's the unfortunate state of security on the Linux desktop (and > other major desktop OSes). Largely there is no privilege separation between > applications. > They all run in the same context so they can't really keep secrets from each > other. That is true. Even though the file is protected by the security of ~/.config, I see no reason why the file itself isn't 600 or 660. But the real problem is that the password is stored in plaintext and I find that inexcusable. signature.asc Description: This is a digitally signed message part. ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#880755: fixed
We believe that the bug you reported is now fixed; the following changes were made to the overrides... Concerning package libqtcurve-utils2... Operating on the unstable suite Changed section from kde to libs Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 880...@bugs.debian.org. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org. Debian distribution maintenance software pp. Luca Falavigna (the ftpmaster behind the curtain) ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#806500: Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
On maandag 18 december 2017 23:27:54 CET Heinrich Schuchardt wrote: > Storing the password in the KDE wallet manager would mean that the > password could only be retrieved when the wallet is open. Problem with that is that it creates a dependency on KDE, while quassel only needs QT signature.asc Description: This is a digitally signed message part. ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
On 12/18/2017 09:08 PM, Felix Geyer wrote: On Mon, 18 Dec 2017 18:04:19 +0100 Heinrich Schuchardtwrote: Not encoding the password means that any user application can fetch it and send it to the internet even if ~/.config is chmod 700. Can anything be worse? Well, that's the unfortunate state of security on the Linux desktop (and other major desktop OSes). Largely there is no privilege separation between applications. They all run in the same context so they can't really keep secrets from each other. Technologies like Flatpak and Snappy are trying to solve this by sandboxing applications [0]. Felix [0] https://github.com/flatpak/flatpak/wiki/Sandbox Storing the password in the KDE wallet manager would mean that the password could only be retrieved when the wallet is open. This is not perfect security but better than having the password available at all times. Best regards Heinrich ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras
[Pkg-kde-extras] Bug#884652: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file
On 12/18/2017 05:32 PM, Diederik de Haas wrote: On maandag 18 december 2017 06:21:44 CET Heinrich Schuchardt wrote: the configuration of quassel client is stored in ~/.config/quassel-irc.org/quasselclient.conf This file was created on my system as chmod 644. So it is world readable. That's also what I thought, but it's not as bad as one would think. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500 for details Not encoding the password means that any user application can fetch it and send it to the internet even if ~/.config is chmod 700. Can anything be worse? Best regards Henrich ___ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras