ksecretservice (Re: [Kde-cvs-announce] KDE SC 4.8 Soft Feature Freeze)

Aaron J. Seigo aseigo at kde.org
Mon Oct 31 14:10:48 UTC 2011 

On Monday, October 31, 2011 14:15:40 David Faure wrote:
> On Monday 31 October 2011 13:16:26 Sebastian Kügler wrote:
> > On Monday, October 31, 2011 13:01:27 Allen Winter wrote:
> > > I'm of the opinion that KSecretService can be released with kdelibs 4.8
> > > as long as it passes review.
> > > 
> > > What do others think?
> > 
> > If we're doing a 4.8, we should allow features in. Having too much stuff
> > pending only for Frameworks5 (which we don't have a date for yet), will
> > cause bitrot, frustrate developers and make it harder to advance the whole
> > of KDE SC before Qt5 and Frameworks5 are out.

let's not repeat the 3.4/3.5/4.0 history all over again. these are the same 
argument we saw then, and we know what they ended up contributing to: a really 
nice 3.5 release and a very delayed 4.0 that did not achieve its potential.

> But on the other hand changing the whole implementation behind KWallet is a
> big change. The kind of change that belongs to KDE Frameworks 5 in my
> opinion, especially since it comes with "some changes in API behavior",
> which app developers expect in a '5' release, but not in a '4.8' release.

agreed .. but there may be ways around this.

> It also makes a lot more sense to consider the whole thing as one separate 
> framework, 

i agree again. in fact, it would be _great_ if KSS could be released in its 
own repository now (to be picked up into the Frameworks meta 
module/build/whatever later) with KWallet built with KSS in the backend if KSS 
is already installed.

so the first question is: what are the dependencies of KSecretsService? from a 
quick grep of the includes, they are:

* KDebug
* KLocalizedString
* KToolInvocation
* KJob
* KCompositeJob

all of which live in libkdecore .. so at least there are no dependency crazies 
in there... of the above classes, only the use of KDebug and KToolInvocation 
(with some minor but still unfortunate copy and paste) could be easily taken 
out. so the dependency on kdecore is probably there to stay.

which leaves us with a dependency between KWallet in kdeui and 
KSecretsService. looking at kwallet.cpp, with KSS it has become:

rv KWallet::someMethod(.. signature ..)
{
     if (walletLauncher->m_useKSecretsService) {
         ... secrets service path ...
     } else  {
         ... old code ...
    }
}

with a little bit of work, KWallet could be made to use a pluggable backend 
(with private API; we don't need anything fancy here) and KSecretService could 
ship with that backend and KWallet could use it if it exists. this opens up 
possible security issues, however. (not that they don't already exist with 
KWallet ...) 

the reason for exploring this is that it would be nice if application 
developers could start moving to KSS and our users could start using KSS 
without KSS becoming "part of" kdelibs 4.[78].

if kdecore came in its own tarball already, this would be easily solved. 
that's not an option, i know, so i wonder if there is some other way of doing 
this.

throwing whole new libraries in kdelibs now though is, imho, simply not a 
viable option.


as an aside: i'm a little concerned with calls such as these:

qRegisterMetaType<SecretStruct>();

which do not include the namespace; i seem to recall having issues in certain 
places in Plasma where these meta type registrations required the use of the 
namespace so that code that did variant.value<KSecretsSevice::SecretStruct>() 
would still work properly as expected. perhaps i'm mis-remembering here, but 
this should be checked into before we ship it... 

-- 
Aaron J. Seigo
humru othro a kohnu se
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA  EE75 D6B7 2EB1 A7F1 DB43

KDE core developer sponsored by Qt Development Frameworks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/release-team/attachments/20111031/0dfb9824/attachment.sig>

More information about the release-team mailing list