<html>
<body>
<div style="font-family: Verdana, Arial, Helvetica, Sans-Serif;">
<table bgcolor="#f9f3c9" width="100%" cellpadding="8" style="border: 1px #c9c399 solid;">
<tr>
<td>
This is an automatically generated e-mail. To reply, visit:
<a href="http://git.reviewboard.kde.org/r/110328/">http://git.reviewboard.kde.org/r/110328/</a>
</td>
</tr>
</table>
<br />
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<p style="margin-top: 0;">On May 25th, 2013, 5:25 p.m. UTC, <b>Àlex Fiestas</b> wrote:</p>
<blockquote style="margin-left: 1em; border-left: 2px solid #d0d0d0; padding-left: 10px;">
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">I'm 100% against this patch, it is a no go.
What we have to provide is a way for distributions to open the wallet in a SECURE way without asking the user for a password. Distros are free to use this patch but then they should rename kwallet because it won't be doing what it was design to do.</pre>
</blockquote>
</blockquote>
<pre style="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">By that logic, kwallet shouldn't support password-less operation *at all*, yet it does. (In case its not obvious, I don't agree with your assertions). That said, discussion of the security implications should best be made onlist, not on reviewboard.</pre>
<br />
<p>- Rex</p>
<br />
<p>On May 6th, 2013, 5:25 p.m. UTC, Eike Hein wrote:</p>
<table bgcolor="#fefadf" width="100%" cellspacing="0" cellpadding="8" style="background-image: url('http://git.reviewboard.kde.org/static/rb/images/review_request_box_top_bg.ab6f3b1072c9.png'); background-position: left top; background-repeat: repeat-x; border: 1px black solid;">
<tr>
<td>
<div>Review request for KDE Runtime and Harald Sitter.</div>
<div>By Eike Hein.</div>
<p style="color: grey;"><i>Updated May 6, 2013, 5:25 p.m.</i></p>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Description </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">This patch adds a UI-less config option to kwalletd that makes it create the initial local wallet silently with an empty password instead of prompting the user to enter one.
It's a change desired by downstream consumers Kubuntu and Netrunner, and perhaps others, and recreates a modification they used to carry for KDE 3. Their goal is to make KWallet mostly invisible to the user during routine operations, but still have users benefit from encrypted password storage behind the scenes.
As such the config option is intended to be set by distributions. The new behavior is disabled by default.
In the interest of keeping the delta between upstream and downstream as small as possible I'd say it makes sense to pick this up.
</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Testing </h1>
<table width="100%" bgcolor="#ffffff" cellspacing="0" cellpadding="10" style="border: 1px solid #b8b5a0">
<tr>
<td>
<pre style="margin: 0; padding: 0; white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">Test package for Kubuntu by Harald Sitter, operation verified at runtime.</pre>
</td>
</tr>
</table>
<h1 style="color: #575012; font-size: 10pt; margin-top: 1.5em;">Diffs</b> </h1>
<ul style="margin-left: 3em; padding-left: 0;">
<li>kwalletd/kwalletd.h <span style="color: grey">(e8e74c3)</span></li>
<li>kwalletd/kwalletd.cpp <span style="color: grey">(fa9fc11)</span></li>
</ul>
<p><a href="http://git.reviewboard.kde.org/r/110328/diff/" style="margin-left: 3em;">View Diff</a></p>
</td>
</tr>
</table>
</div>
</body>
</html>