@pitti: I think you can get info here on how to store things in the pkcs11 keyring: http://live.gnome.org/GnomeKeyring/ApplicationSetup.
Instead of using the users password to encrypt the user.keystore file, it would probably be more appropriate to generate a random password and use it, unless I'm missing an obvious use case where the actual user password is required. I agree it's not a big deal in the case of trying to recover a user password from a user who isn't logged in. Malware, on the other hand could retrieve the current user's password from the keyring and use it to become root with sudo. I don't have a problem with issuing an SRU after the fact, as long as we write a tool/script to automatically remove the user's password upon upgrade. I also hope this doesn't escalate into a media frenzy if people start noticing their password is in there. -- the login password is stored in the user's keyring https://bugs.launchpad.net/bugs/566046 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
