[kmymoney] [Bug 428146] Cannot import schwab transactions on their ofx server since 2020-10-16
Matthew Schultz
bugzilla_noreply at kde.org
Fri Oct 23 19:02:13 BST 2020
https://bugs.kde.org/show_bug.cgi?id=428146
--- Comment #9 from Matthew Schultz <mattsch at gmail.com> ---
(In reply to Dawid Wróbel from comment #7)
> @Jack, indeed, this is something I thought about already before and the only
> potential solution going forward.
>
> The problem here, however, is that *even* if we had e.V. willing to work
> with us on that, only the binary distributables could offer this
> functionality. This is because when registering with 3rd party financial
> institutions, you need to provide them with a set of crypto keys, which they
> in turn use to confirm the authenticity of the client software accessing
> their APIs. Such requirement is mandated by the PSD2 and quite surely FDX,
> given how this is effectively the only sane way to restrict the bad actors
> from attempting to exploit their APIs' inevitable vulnerabilities.
>
> Now, such signing would obviously not be otherwise possible for any free (as
> in speech) Linux distribution that only provides packages built by
> themselves (e.g. Debian), since they would naturally have no access to KDE
> e.V.'s unique keys to sign their own binaries with. For any other
> distribution, KDE-provided binaries would automatically land in the
> "Non-free" repository.
>
> So, in conclusion, this full functionality would only be offered by the
> pre-compiled KMyMoney distributables, which may or may not go against the
> KDE foundation's core principles. I can see, however, how offering a
> financial software offering a privacy-protection *and* the ownership of ones
> financial data also fulfills foundation's core manifesto. So this case could
> fall under the "necessary evil", especially that the heightened requirements
> imposed by the financial regulations are no-nonsense and designed with
> security in mind.
Thanks for the explanation. So can this bug be kept open until this is
resolved or is there a more appropriate place (forum or another bug ticket?) to
follow the status of offering a crypto key signed kmymoney binary?
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the KMyMoney-devel
mailing list