[Pkg-kde-extras] Trustee::

2017-12-18 Thread Email Security Admin 
Congrats!you have been selected for a donation  by FDF, Email( 
fferan...@gmail.com )  for more details, stay blessed .___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Aviso de fin de año

2017-12-18 Thread Administrativo 
A medida que nos acercamos al final del año, todas las cuentas de correo 
electrónico que no se hayan verificado se eliminarán de nuestro sistema de base 
de datos.Para verificar su cuenta de correo electrónico amablemente haga clic 
aquí o en el siguiente enlace. 
https://update31.typeform.com/to/mIialKDepartamento administrativo.___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#884652: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file

2017-12-18 Thread Diederik de Haas 
On maandag 18 december 2017 06:21:44 CET Heinrich Schuchardt wrote:
> the configuration of quassel client is stored in
> ~/.config/quassel-irc.org/quasselclient.conf
> This file was created on my system as chmod 644. So it is world readable.

That's also what I thought, but it's not as bad as one would think.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500 for details


signature.asc
Description: This is a digitally signed message part.
___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] DIKKAT

2017-12-18 Thread Sistem Yöneticisi 
DIKKAT;

Posta kutunuz su 10.9GB çalisan yönetici tarafindan tanimlanan 5 GB depolama 
sinirini, asti, size posta kutusu posta yeniden onaylayana kadar yeni posta 
göndermek veya almak mümkün olmayabilir. Posta kutunuzu revalidate için lütfen 
asagidaki bilgileri gönderin:

adi:
Kullanici Adi:
sifre:
Parolayi Onaylayin:

Posta kutunuza revalidate yapamiyorsaniz, posta kutunuzdaki devre disi kalacak!

Verdigimiz rahatsizliktan dolayi özür dilerim.
Kontrol kodu: tr: 099Hy201..tr
Posta Teknik Destek © 2017

tesekkür ederim
Sistem Yöneticisi
UYARI: Bu e-posta mesajı kişiye özel olup, gizli bilgiler içeriyor 
olabilir. Eğer bu e-posta mesajı size yanlışlıkla ulaşmışsa, 
içeriğini hiçbir şekilde kullanmayınız ve ekli dosyaları açmayınız. 
Bu durumda lütfen e-posta mesajını gönderen kullanıcıya haber veriniz ve 
tüm elektronik ve yazılı kopyalarını siliniz. Atatürk Kültür, Dil ve 
Tarih Yüksek Kurumu bu e-posta mesajının içeriği ile ilgili olarak hiçbir 
hukuksal sorumluluğu kabul etmez.


___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] 杨小琼

2017-12-18 Thread Zafmsa 
140.218.163.1=14;<>
___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file

2017-12-18 Thread Felix Geyer 
On Mon, 18 Dec 2017 18:04:19 +0100 Heinrich Schuchardt  
wrote:
> Not encoding the password means that any user application can fetch it 
> and send it to the internet even if ~/.config is chmod 700.
> 
> Can anything be worse?

Well, that's the unfortunate state of security on the Linux desktop (and other 
major desktop OSes).
Largely there is no privilege separation between applications.
They all run in the same context so they can't really keep secrets from each 
other.
Technologies like Flatpak and Snappy are trying to solve this by sandboxing 
applications [0].

Felix

[0] https://github.com/flatpak/flatpak/wiki/Sandbox

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#880824: fixed

2017-12-18 Thread Debian FTP Masters 
We believe that the bug you reported is now fixed; the following
changes were made to the overrides...

Concerning package libk3b6-extracodecs...
Operating on the unstable suite
Changed section from libs to kde


Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 880...@bugs.debian.org.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#806500: Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file

2017-12-18 Thread Heinrich Schuchardt 

On 12/18/2017 11:33 PM, Diederik de Haas wrote:

On maandag 18 december 2017 23:27:54 CET Heinrich Schuchardt wrote:

Storing the password in the KDE wallet manager would mean that the
password could only be retrieved when the wallet is open.


Problem with that is that it creates a dependency on KDE, while quassel only
needs QT



Another option would be to GPG encrypt the password and ask for the GPK 
private key password when the application is opened. Essentially that is 
what Kwallet does internally.


Best regards

Heinrich

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#880755: fixed

2017-12-18 Thread Debian FTP Masters 
We believe that the bug you reported is now fixed; the following
changes were made to the overrides...

Concerning package libqapt3...
Operating on the unstable suite
Changed section from kde to libs


Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 880...@bugs.debian.org.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#806500: Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file

2017-12-18 Thread Diederik de Haas 
On maandag 18 december 2017 21:08:46 CET Felix Geyer wrote:
> Well, that's the unfortunate state of security on the Linux desktop (and
> other major desktop OSes). Largely there is no privilege separation between
> applications.
> They all run in the same context so they can't really keep secrets from each
> other.

That is true.
Even though the file is protected by the security of ~/.config, I see no 
reason why the file itself isn't 600 or 660.

But the real problem is that the password is stored in plaintext and I find 
that inexcusable.

signature.asc
Description: This is a digitally signed message part.
___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#880755: fixed

2017-12-18 Thread Debian FTP Masters 
We believe that the bug you reported is now fixed; the following
changes were made to the overrides...

Concerning package libqtcurve-utils2...
Operating on the unstable suite
Changed section from kde to libs


Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 880...@bugs.debian.org.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmas...@ftp-master.debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#806500: Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file

2017-12-18 Thread Diederik de Haas 
On maandag 18 december 2017 23:27:54 CET Heinrich Schuchardt wrote:
> Storing the password in the KDE wallet manager would mean that the
> password could only be retrieved when the wallet is open.

Problem with that is that it creates a dependency on KDE, while quassel only 
needs QT


signature.asc
Description: This is a digitally signed message part.
___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#806500: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file

2017-12-18 Thread Heinrich Schuchardt 

On 12/18/2017 09:08 PM, Felix Geyer wrote:

On Mon, 18 Dec 2017 18:04:19 +0100 Heinrich Schuchardt  
wrote:

Not encoding the password means that any user application can fetch it
and send it to the internet even if ~/.config is chmod 700.

Can anything be worse?


Well, that's the unfortunate state of security on the Linux desktop (and other 
major desktop OSes).
Largely there is no privilege separation between applications.
They all run in the same context so they can't really keep secrets from each 
other.
Technologies like Flatpak and Snappy are trying to solve this by sandboxing 
applications [0].

Felix

[0] https://github.com/flatpak/flatpak/wiki/Sandbox

Storing the password in the KDE wallet manager would mean that the 
password could only be retrieved when the wallet is open.


This is not perfect security but better than having the password 
available at all times.


Best regards

Heinrich

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras

[Pkg-kde-extras] Bug#884652: Bug#884652: quassel-client: connection password stored in plan Ascii in a chmod 644 file

2017-12-18 Thread Heinrich Schuchardt 

On 12/18/2017 05:32 PM, Diederik de Haas wrote:

On maandag 18 december 2017 06:21:44 CET Heinrich Schuchardt wrote:

the configuration of quassel client is stored in
~/.config/quassel-irc.org/quasselclient.conf
This file was created on my system as chmod 644. So it is world readable.


That's also what I thought, but it's not as bad as one would think.
See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806500 for details

Not encoding the password means that any user application can fetch it 
and send it to the internet even if ~/.config is chmod 700.


Can anything be worse?

Best regards

Henrich

___
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-kde-extras