Disabling plain-text password storage by defult

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Disabling plain-text password storage by defult

Branko Čibej
Given that we support a number of secure credentials stores, I propose
that, starting with 1.14.0 LTS, we disable the on-disk plain-text
password store by default. I've prepared a patch for configure.ac to
issue appropriate warnings before that time. If we decide to do this, we
should also mention it in our roadmap on the site.

-- Brane


plaintext-passwd.patch.txt (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Disabling plain-text password storage by defult

Stefan Sperling
On Wed, Oct 31, 2018 at 02:49:57AM +0100, Branko Čibej wrote:
> Given that we support a number of secure credentials stores, I propose
> that, starting with 1.14.0 LTS, we disable the on-disk plain-text
> password store by default.

Why not start with 1.12.0?
Reply | Threaded
Open this post in threaded view
|

Re: Disabling plain-text password storage by defult

Julian Foad-6
Stefan Sperling wrote:
>On Wed, Oct 31, 2018 at 02:49:57AM +0100, Branko Čibej wrote:
>> Given that we support a number of secure credentials stores, I
>propose
>> that, starting with 1.14.0 LTS, we disable the on-disk plain-text
>> password store by default.
>
>Why not start with 1.12.0?

+1 to doing it. +1 to starting with 1.12.
- Julian
Reply | Threaded
Open this post in threaded view
|

Re: Disabling plain-text password storage by defult

Branko Čibej
On 31.10.2018 13:01, Julian Foad wrote:
> Stefan Sperling wrote:
>> On Wed, Oct 31, 2018 at 02:49:57AM +0100, Branko Čibej wrote:
>>> Given that we support a number of secure credentials stores, I
>> propose
>>> that, starting with 1.14.0 LTS, we disable the on-disk plain-text
>>> password store by default.
>> Why not start with 1.12.0?
> +1 to doing it. +1 to starting with 1.12.

That works for me, too. I'd somehow thought an LTS release was a big
enough deal for such a change, but on consideration, you're right;
changes like this should be made in regular releases, that's what
they're for.

I'll commit an appropriate variant of the patch.

-- Brane