mgraesslin at kde.org
Thu Dec 11 15:43:57 GMT 2014
On Thursday 11 December 2014 08:33:48 Jeremy Whiting wrote:
> ksshaskspass has been in kdereview and has been improved since it got
> there. Is it ready to be moved to kde/workspace ?
Sorry for being late for the review. I just cloned the repo and did a quick
look for a common problem on X11: the dialog doesn't grab keyboard input.
When a window asks for a password it should make sure that no other X client
intercepts the input. On X11 every other client is able to get to the key
events. Thus the dialog should:
* grab the keyboard when it gets keyboard focus (is active)
* disable entering the password if it failed to grab keyboard and print a
* release the grab keyboard once it lost focus (e.g. user wants to switch to
browser to check why that wants a password)
While writing that I realized that this is not at all the fault of
ksshaskspass but rather of KPasswordDialog which should implement those
checks. So I wouldn't say it's a blocking issue for a move, though I would
prefer to not get new applications into kde/workspace which aren't secure
against the key logging attacks on X11.
> On Wed, Nov 5, 2014 at 12:50 PM, David Faure <faure at kde.org> wrote:
> > [cutting down on the massive cross-posting]
> > On Monday 03 November 2014 14:13:50 Jeremy Whiting wrote:
> > > ksshaskpass has no more krazy issues and has been moved to kdereview.
> > > I think it's final resting place should be kde/workspace but I'm open
> > > to other ideas. It is usable on other platforms besides plasma, but it
> > > saves passwords in kwallet, so may make the most sense there.
> > Yep, sounds like a workspace component to me. It doesn't make sense when
> > using
> > a single KDE app in e.g. gnome, which surely has another GUI for ssh-add.
> > --
> > David Faure, faure at kde.org, http://www.davidfaure.fr
> > Working on KDE Frameworks 5
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: This is a digitally signed message part.
More information about the kde-core-devel