Patrick Ohly wrote:

Hello!

While testing Yongsheng's implementation of keyring support in the
command line I ran into a case where I'd like to get some opinions: when
the passwords are stored in the keyring, the config contains "-" instead
of the real password.

When invoked with "--keyring --print-config", should the command line
retrieve the password from the keyring and present it to the user? I'm
undecided about this myself. On the one hand, the password is no longer
part of the configuration. On the other hand, the password cannot be
shown via the command line even if the user wanted that.

He has to know about keyring and the "seahorse" tool to view the
keyring, then look for the password entry. Definitely not something for
novice users.

I sort of agree (password management is not simple) although
gnome-keyring-manager, which I _think_ comes by default in GNOME
System->administration->Keyring Management, is not that bad.
This of course does not remove the initial "need to know" issue...

Therefore I tend to think that the password should be retrieved if
available when --keyring is stored, without triggering an interactive
request for the password if not. Would make "checkPassword()" more
tricky, of course.

I don't have a strong opinion either way. I'd maybe lean towards not
retrieving it, but I fully understand if you want to keep the CLI user
interface the same regardless of the password store implementation.

- Jussi