2010/5/20 Cristian Morales Vega <cmorve69@yahoo.es>:
Hi,
Looking at the packages from KKFD that were published without a changes in sources (i.e. that didn't pass the build-compare test) I found this in /usr/share/kde4/config/kdm/kdmrc:
# Random seed for forging saved session types, etc. of unknown users. # This value should be random but constant across the login domain. # Default is 0 ForgingSeed=XXXXXXXXXX
No idea about kdm or what this ForgingSeed exactly is. But: a) It's a security problem that this seed is random but... well, public, and constant for all openSUSE users? Should it to be set in the %postin?
b) If isn't a security problem. Would we brake people systems if we set it in the %postin? (to fix build-compare) I am not sure what the "login domain" is. Could it be that people networks are working just because they installed the same package in all the machines and so all of them have the same ForgingSeed? If we make them different perhaps they will not know how to fix it?
Created https://build.opensuse.org/request/diff/40492 -- To unsubscribe, e-mail: opensuse-kde+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-kde+help@opensuse.org