[vlc-devel] [PATCH 01/13] keystore: add b_secure
thomas at gllm.fr
Fri Feb 26 10:03:04 CET 2016
On Wed, Feb 24, 2016, at 18:12, Rémi Denis-Courmont wrote:
> Le 2016-02-24 15:25, Thomas Guillem a écrit :
> > All keystore modules are secure except the plaintext one.
> Oh come on. Ten years on, have we not learnt to be responsible and
> careful about what we do? This software is used by tens, if not hundreds
> of millions of people. We cannot just blindly put features above all
> Like Denis said, we do NOT store clear text credentials in persistent
> storage. Ever.
> Maybe you can read/write them as clear-text if you know that the
> underlying file system is ciphered and the operating system separates
> applications. But that would still qualify as "secure". So no flags.
Yes, this is the case for android. Ok, I'll do without this flag.
> Rémi Denis-Courmont
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
More information about the vlc-devel