launchpad-dev team mailing list archive

[Sidnei da Silva <sidnei.da.silva@xxxxxxxxxxxxx>]

On Fri, Oct 1, 2010 at 12:46 PM, Leonard Richardson
<leonard.richardson@xxxxxxxxxxxxx> wrote:
> Step 1: Store credentials in the GNOME keyring
> ----------------------------------------------
>
> The first improvement is to change login_with() to start storing
> Launchpad credentials in the GNOME keyring (if available), with disk
> storage as a fallback. This will prevent the stolen-hard-drive attack.
>
> With Launchpad credentials in the GNOME keyring, a suitably paranoid
> end-user can also take countermeasures against certain other attacks
> by moving their Launchpad credentials out of the "login" keyring
> (where they will be stored by default) and into a keyring for which
> they've set an idle timeout. You can do this from the "Passwords and
> Encryption Keys" desktop accessory.

Going on a little bit of a tangent here, there's a python library for
abstracting away keyring storage
(http://pypi.python.org/pypi/keyring), such that you can use the most
appropriate keyring depending on the platform/environment you're on.
Probably worth taking a look at, since there might users using
launchpadlib on non-Gnome environments.

-- Sidnei