[vlc-devel] [PATCH 01/13] keystore: add b_secure
Rémi Denis-Courmont
remi at remlab.net
Wed Feb 24 18:12:48 CET 2016
Le 2016-02-24 15:25, Thomas Guillem a écrit :
> All keystore modules are secure except the plaintext one.
Oh come on. Ten years on, have we not learnt to be responsible and
careful about what we do? This software is used by tens, if not hundreds
of millions of people. We cannot just blindly put features above all
else.
Like Denis said, we do NOT store clear text credentials in persistent
storage. Ever.
Maybe you can read/write them as clear-text if you know that the
underlying file system is ciphered and the operating system separates
applications. But that would still qualify as "secure". So no flags.
--
Rémi Denis-Courmont
http://www.remlab.net/
More information about the vlc-devel
mailing list