Comment 22 for bug 686690
Revision history for this message
| Martin Pitt (pitti) wrote Re: [Bug 686690] Re: 1.8.0 breaks login_with() API compat with existing credentials files, and forces keyrings | #22 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
7020100
(Get the code!)
Robert Collins [2011-01-05 19:50 -0000]:
> One small niggle that occurs to me - we're putting credentials in
> ~/.cache now - I don't think folk are necessarily expecting
> confidential files in .cache; would .config - where confidential files
> *are* expected be better?
To me the distinction has always been "small and precious" vs. "data
that I can always trash and don't need to backup", not a question of
confidentiality. I wouldn't ever publish my browser's cache directory
either -- I wouldn't be surprised if it had online banking pages or
shopping receipts, and the like.
If anything, I'd expect the contrary - configuration files are usually
harmless, and passwords etc. belong into the GNOME keyring.
This seems to be supported by the default permissions of these dirs:
ls -ld .config .cache
drwx------ 31 martin martin 4096 2011-01-05 23:33 .cache
drwxr-xr-x 46 martin martin 12288 2011-01-03 13:23 .config
Martin
--
Martin Pitt | http://
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)