Re: Bug#628383: [kfreebsd-*] test failure: test-secmem

[Steven Chamberlain <steven@pyro.eu.org>]

On Sat, 26 Apr 2014 11:39:02 +0200 Andreas Henriksson wrote:
> Control: tag -1 - patch
> 
> While I appreciate the feedback on how mlock works on kfreebsd
> and including a patch along with discussions of technical details
> is nice, I'm going to remove the patch tag.
> Maye I misunderstood something but i think there's a reason the
> memory is mlocked; to avoid leaking sensitive information into swap.
> We can't just kill off security by patching out the check for
> working mlock. Atleast not without a big fat warning dialog
> where the user opts out of security first.
> 
> As I see it if there's no way to securely do the same thing on
> kfreebsd, then this package simply can't work on kfreebsd.
> 
> On a side-note: AFAIK libgnome-keyring is deprecated (in favor of
> libsecret). Efforts might be better spent on helping users port
> their code away from libgnome-keyring, but since there are
> quite a few reverse dependencies in the archive I doubt it
> will be practically possible to achive the goal of having all
> of them ported before the Jessie freeze.