Mailinglist Archive: opensuse-buildservice (273 mails)

< Previous Next >
Re: [opensuse-buildservice] osc and security
  • From: Michal Čihař <michal@xxxxxxxxx>
  • Date: Mon, 26 Jan 2009 18:58:43 +0100
  • Message-id: <20090126185843.4f3c3a65@xxxxxxxxxxxxxxxxx>
Hi

Dne Mon, 26 Jan 2009 18:47:31 +0100 (CET)
"Joop Boonen" <joop_boonen@xxxxxx> napsal(a):

I've checked out ~/.oscrc I saw that my password can be found in plain text.

As someone who would be able to read this file would be able to change
packages that I have created. I'm rather worried about it. The package
could easily be piggy backed with mall ware.

I'm wondering wouldn't it be possible to put an encrypted password? Or
even better to work with ssh keys?

An other option would be that the password wouldn't be saved.

I also did not like this and I posted a patch in bugzilla [1] for
optional usage of GNOME Keyring for passwords.

[1]: https://bugzilla.novell.com/show_bug.cgi?id=460540

--
Michal Čihař | http://cihar.com | http://blog.cihar.com
< Previous Next >
References