[kmymoney] [Bug 428146] Cannot import schwab transactions on their ofx server since 2020-10-16

Dawid Wróbel bugzilla_noreply at kde.org
Fri Oct 23 18:25:51 BST 2020


https://bugs.kde.org/show_bug.cgi?id=428146

--- Comment #7 from Dawid Wróbel <me at dawidwrobel.com> ---
@Jack, indeed, this is something I thought about already before and the only
potential solution going forward.

The problem here, however, is that *even* if we had e.V. willing to work with
us on that, only the binary distributables could offer this functionality. This
is because when registering with 3rd party financial institutions, you need to
provide them with a set of crypto keys, which they in turn use to confirm the
authenticity of the client software accessing their APIs. Such a requirement is
mandated by the PSD2 and quite surely FDX, given how this is effectively the
only sane way to restrict the bad actors from attempting to exploit their APIs'
inevitable vulnerabilities.

Now, such signing would obviously not be otherwise possible for any free (as in
speech) Linux distribution that only provides packages built by themselves
(e.g. Debian), since they would naturally have no access to KDE e.V.'s unique
keys to sign their own binaries with. For any other distribution, KDE-provided
binaries would automatically land in the "Non-free" repository.

So, in conclusion, this full functionality would only be offered by the
pre-compiled KMyMoney distributables, which may or may not go against the KDE
foundation's core principles. I can see, however, how offering financial
software that offers privacy protection *and* the ownership of one's financial
data also fulfills the foundation's core manifesto. So this case could fall under
the "necessary evil", especially that the heightened requirements imposed by
the financial regulations are no-nonsense and designed with security in mind.
