gnome keyring always needs to be unlocked

Douglas McClendon dmc.fedora at
Fri Oct 19 00:01:25 UTC 2007

Robert Relyea wrote:
> Douglas McClendon wrote:
>> Jeff Spaleta wrote:
>>> On 10/18/07, Kevin Kofler <kevin.kofler at> wrote:
>>>> Encrypted home directories are a solution for a computer which can 
>>>> be stolen.
>>>> If you're worried about your central server getting stolen, you have 
>>>> bigger
>>>> security problems than keyring security. ;-) Permissions should be 
>>>> enough to
>>>> secure a computer if physical security is present.
>>> Are suggestion that linux laptop users are somehow immune to falling
>>> prey to problem which require  troubleshooting application
>>> configurations stored in a user's home directory?
>> It's an interesting question as to what 'doesn't matter'.  I.e. mail 
>> server passwords and other data and configuration stored in 
>> ~/.thunderbird.  Or everything stored in ~/.firefox.  Those seem to me 
>> to be things I'd like encrypted by default as a laptop user, in 
>> addition to what you described as some special xdg style directory.
> Your general data is stored in ~/.thunderbird and ~/.firefox, but your 
> passwords are already stored encrypted in those directories (or should 
> be if you have "use master password to encrypt" set in your 
> privacy/password settings).

Those are true things, but don't really have anything to do with point I 
was making.  I'm a fan of a few good layers of security for a typical 
laptop/desktop scenario.  A nice firewall with everything closed to the 
outside world, except that which is exlicitly allowed.  A nice 
encryption of the entire home directory, and screensaver locking.  Then, 
once I'm inside those layers, I prefer to not use things like master 
passwords in thunderbird and firefox.  If you can convince me that using 
master passwords, in combination with some alternate overall scheme 
provides a better balance of security and convenience...  let the debate 
begin.  But be warned, I place a pretty high relative value on convenience.


More information about the fedora-devel-list mailing list