http://bugzilla.novell.com/show_bug.cgi?id=559515 http://bugzilla.novell.com/show_bug.cgi?id=559515#c0 Summary: osc stores password in clear text in file .oscrc Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: x86-64 OS/Version: openSUSE 11.2 Status: NEW Severity: Critical Priority: P5 - None Component: Development AssignedTo: pth@novell.com ReportedBy: poletti.marco@gmail.com QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; it; rv:1.9.1.5) Gecko/20091103 SUSE/3.5.5-1.1.2 Firefox/3.5.5 GTB6 The "osc" command-line client stores the user password in clear text in the file ~/.oscrc. This should not happen, maybe it could store only a hash of the password or use KDE or GNOME keyrings. In the file .oscrc, the GNOME keyring seems somehow supported, but KDE doesn't. In any case, storing it in clear text is not a viable option. Reproducible: Always Steps to Reproduce: 1. 2. 3. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.