Comment 11 for bug 686690
Revision history for this message
| Martin Pitt (pitti) wrote Re: [Bug 686690] Re: 1.8.0 breaks login_with() API compat with existing credentials files, and forces keyrings | #11 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
7020100
(Get the code!)
Gary Poster [2010-12-14 2:40 -0000]:
> AIUI, the big improvement between the old story and the new story is
> that, if someone were to steal your shut-down computer, they would not
> have easy access to your Launchpad authentication
There is an almost 100% chance that your browser is authenticated to
Launchpad. If for nothing else, then you would need to login in your
browser when authenticating the launchpadlib app. And by default the
LP login cookie lives forever.
If you want to protect your data against stealing your computer, you
have to encrypt your entire home directory (or entire disk).
So I don't see any significant security benefit here. It only helps
for the corner case that you never use Launchpad in the browser, and
logged out again after authenticating your launchpadlib app.
> Barring Kees or someone else making a strong argument that the increment
> of security improvements warrants breaking backwards compatibility, we
> have our direction: make things backwards compatible.
*happy* :-)
Thanks, Martin
--
Martin Pitt | http://
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)