Mailinglist Archive: opensuse-buildservice (273 mails)

< Previous Next >
[opensuse-buildservice] osc and security
  • From: "Joop Boonen" <joop_boonen@xxxxxx>
  • Date: Mon, 26 Jan 2009 18:47:31 +0100 (CET)
  • Message-id: <94d8035d3ce3b2779116a1f68b7a83d0.squirrel@xxxxxxxxxx>
I've checked out ~/.oscrc I saw that my password can be found in plain text.

As someone who would be able to read this file would be able to change
packages that I have created. I'm rather worried about it. The package
could easily be piggy backed with mall ware.

I'm wondering wouldn't it be possible to put an encrypted password? Or
even better to work with ssh keys?

An other option would be that the password wouldn't be saved.


--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >