Hello, I've been working on implementing new features and fixing problems in gksu. I'd like to ask for feeback on a specific feature that has been added by applying a modified patch -- originally done by Szilard Novaki <novaki@agmen-software.com> and modified by me -- and on a feature request that came from ubuntu users. I'm CC'ing the debian-gtk-gnome list as Debian is my main testing and development ground for gksu. Here's the problem: currently gksu asks for the password and if it is correctly given and gnome-keyring is available it will want to store it. Next time it runs, unless always-ask-password option is trigered it will try to grab the password automatically from the keyring. Some detailes: 1. gksu the app knows nothing about the gnome-keyring stuff, it is hiden inside a more generic new API function in libgksu 2. the default keyring is used, which means the root password is going to be stored forever and never asked anymore unless it changes or the user uses gnome-keyring-manager to delete that key 3. when gksu/gksudo do not need a password to run the program they will show nothing to notify the user something which requires root powers is going on Perhaps I could have the gnome-keyring stuff not be generic, but explicitely supported by libgksu, which would finally make it no more 'desktop-agnostic' API-wise so gksu app will be able to decide somehow if the user wants to store the password and to which keyring. For the second problem, maybe I could use the session keyring by default, thus requesting that the user types the password again at least once per session. Allowing the admin/user to select which keyring they want to use is planned. Third problem also has something in common with some people's complaint that gksudo will simply take advantage of sudo's timeout and run stuff without requesting the password. Should gksu show a dialog warning what it's going to do before actually performing the command with root power? You can see some examples of confusion caused by this here: https://bugzilla.ubuntu.com/show_bug.cgi?id=11996 https://bugzilla.ubuntu.com/show_bug.cgi?id=12643 (the solution proposed at this one looks pretty difficult to implement, though, unless gksudo also uses the gnome-keyring instead of relying on sudo's timestamp) I'd like to hear your advice on this matter. Thanks and cheers from Helsinki!, -- kov@debian.org: Gustavo Noronha <http://people.debian.org/~kov> Debian: <http://www.debian.org> * <http://www.debian-br.org>
Attachment:
signature.asc
Description: This is a digitally signed message part