[vlc-devel] [PATCH 01/13] keystore: add b_secure
Thomas Guillem
thomas at gllm.fr
Fri Feb 26 10:03:04 CET 2016
On Wed, Feb 24, 2016, at 18:12, Rémi Denis-Courmont wrote:
> Le 2016-02-24 15:25, Thomas Guillem a écrit :
> > All keystore modules are secure except the plaintext one.
>
> Oh come on. Ten years on, have we not learnt to be responsible and
> careful about what we do? This software is used by tens, if not hundreds
> of millions of people. We cannot just blindly put features above all
> else.
>
> Like Denis said, we do NOT store clear text credentials in persistent
> storage. Ever.
>
> Maybe you can read/write them as clear-text if you know that the
> underlying file system is ciphered and the operating system separates
> applications. But that would still qualify as "secure". So no flags.
Yes, this is the case for android. Ok, I'll do without this flag.
>
> --
> Rémi Denis-Courmont
> http://www.remlab.net/
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> https://mailman.videolan.org/listinfo/vlc-devel
More information about the vlc-devel
mailing list