The future of gpassman (was Re: gpasman: Intent to file for removal!)

To: Scott Henson <shenson2@wvu.edu>
Cc: debian-devel@lists.debian.org, Jules Bean <jules@jellybean.co.uk>
Subject: The future of gpassman (was Re: gpasman: Intent to file for removal!)
From: Manuel Estrada Sainz <ranty@debian.org>
Date: Sun, 27 Jan 2002 16:17:36 +0100
Message-id: <[🔎] 20020127151736.GA15892@hell.lnx.es>
In-reply-to: <[🔎] 1011712749.472.1.camel@sandm.hn.org>
References: <[🔎] 20020121190718.C29368@blueberry.jellybean.co.uk> <[🔎] Pine.LNX.4.43.0201221204320.1142-100000@tpo2.sourcepole> <[🔎] 20020122122845.GA31992@credativ.de> <[🔎] 1011704230.780.11.camel@altair> <[🔎] 1011712749.472.1.camel@sandm.hn.org>

On Tue, Jan 22, 2002 at 10:18:37AM -0500, Scott Henson wrote:
> 
> > Mhmm... it would be nice to fix it and turn it into "Debian passwd
> > manager"... 
> > 
> 
> Unless someone else wants to take this on I will.  I was looking for
> something to keep me awake durring my engineering 102 class(they teach
> C, which I already know).  

 I have been thinking about gpassman lately, I realy like the idea of a
 password manager and gpassman has some good ideas, but I don't think
 that the current implementation is good. Since this may lead to quite a
 code rewrite, I would like to discuss some issues:

 o librc2 seams quite unmaintained, I would think about using something
   else instead for encryption:
    o gpg --symmetric
    o libmcrypt
    o beecrypt2
   Or even better, apply a bit of abstraction code so the encryption
   backend can easly be changed in the future.

 o Letting the user select the algorighm would also be great.

 o Making some kind of (per user) password server and an access library
   for it would be great.
	o You tell the server the master password to unlock the password
	  database and then any program can query/add/modify passwords
	  through the library in the lines of ssh-agent
	o If we get all programs using the same password manager that
          would be a great gain. Instead of having everyone handle
	  passwords in their own insecure way.

 o Making some bonobo component to let other programs manipulate the
   password database.
   	o And a curses frontend.

 o Allowing for some kind of classification with a CTree or similar
   would be great.

 Well, I know I am asking for quite a lot, but I thing that a good,
 fexible and secure password manager would be something great to have. I
 don't say that all should be done right now, but having a clear view of
 where gpassman is going could prove usefull; so please comment.

 I am willing to help on this, I wouldn't have time to take full
 responsbility of gpassman, but I promise to help.

 take care

 	ranty

-- 
--- Manuel Estrada Sainz <ranty@debian.org>
			 <ranty@atdot.org>
------------------------ <ranty@soon.com> ---------------------------------
God grant us the serenity to accept the things we cannot change, courage to
change the things we can, and wisdom to know the difference.

Reply to:

Follow-Ups:
- Re: The future of gpassman (was Re: gpasman: Intent to file for removal!)
  - From: Andreas Rottmann <a.rottmann@gmx.at>

References:
- gpasman: Intent to file for removal!
  - From: Jules Bean <jules@jellybean.co.uk>
- Re: gpasman: Intent to file for removal!
  - From: "Tomas Pospisek's Mailing Lists" <tpo2@sourcepole.ch>
- Re: gpasman: Intent to file for removal!
  - From: Michael Meskes <meskes@debian.org>
- Re: gpasman: Intent to file for removal!
  - From: Paolo Redaelli <paolo.redaelli@libero.it>
- Re: gpasman: Intent to file for removal!
  - From: Scott Henson <shenson2@wvu.edu>

Prev by Date: Re: schemers: please support slib
Next by Date: Autobuilders and arch-independent packages
Previous by thread: Re: gpasman: Intent to file for removal!
Next by thread: Re: The future of gpassman (was Re: gpasman: Intent to file for removal!)
Index(es):
- Date
- Thread