Re: [Tails-dev] Please review & merge feature/install-passwo…

Nachricht löschen

Nachricht beantworten
Autor: Robert Ransom
Datum:  
To: The Tails public development discussion list
Betreff: Re: [Tails-dev] Please review & merge feature/install-password-manager
On 1/10/13, Abel Luck <abel@???> wrote:
> Robert Ransom:
>> On 1/9/13, intrigeri <intrigeri@???> wrote:
>>> Hi,
>>>
>>> please review & merge feature/install-password-manager.
>>> ticket: todo/install_password_manager
>>> candidate for 0.17
>>
>> Some issues in keepassx 0.4.3-1ubuntu3 (according to the changelogs,
>> nothing I'm pointing out is fixed in Debian's 0.4.3-2):
>>
> <snip>
>> The other password managers you've considered are probably at least as
>> bad as this one.


> Well, damn, that's a pretty damning review. Do you know of any other
> alternatives?


The only stand-alone password manager that I have reviewed
sufficiently to have an opinion about is KeePassX. KeePassX's
cryptography is only slightly worse than that in the Linux kernel and
GPG.

> Have issues been opened to fix these security bugs?


I have not reported these issues to any bug tracker.

The copyright infringements in share/keepassx/icons/ are far more
problematic -- it is not currently legal to distribute the KeePassX
source tarball or Debian/Ubuntu binary packages.


Robert Ransom