[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#536888: ITP: tlock -- Terminal locker


On Tue, 2009-07-14 at 15:28:53 +0200, Cyril Brulebois wrote:
> Ryan Kavanagh <ryanakca@kubuntu.org> (14/07/2009):
> > This package will also provide the library packages librpass0 and librpass0-dev,
> > with long description:
> > 
> >  Static library installed with tlock, it provides a function readpass() that
> >  reads in a password string from standard input of process and returns it  back,
> >  AS  IS, to the calling application. While fetching password from standard
> >  input, readpass first turns off the echo of input characters  and the
> >  generation of signals through keystrokes, reads in the password, turns the
> >  character echo and signal generation back on, and returns to the calling
> >  application a character pointer pointing at the password string.
> Do we really need this standalone library?! And please, pretty please,
> stop putting the SONAME in the -dev package name when it isn't needed.
> (Also, the first word of the description for this dynamic library is
> “static”?)

It seems that tlock does not memset the clear text passwords after use,
it does not mlock them either (although to be fair, really few programs
handling passwords seem to be doing so), and reimplements strcmp for no
apparent reason.

Also why do we need tlock when we have vlock and away?


Reply to: