Revelation password manager issue

Kevin Fenzi kevin at
Thu Jun 14 14:42:47 UTC 2012

On Thu, 14 Jun 2012 07:40:50 -0500
Josh Bressers <josh at> wrote:

> Hello all,
> I suspect this is going to be a weird problem to figure out.
> Relevation password manager
> Password Manager
> Has been found to be unsafe.
> I would hope it gets fixed at some future point, but something should
> probably be done in the short term.
> I'm not sure what Fedora precedent is on issues like this. We can't
> really revoke such a package, and we also want to give users a warning
> to use a different password manager (I'm not entirely sure how to best
> do this).
> Does anyone have any thoughts?

Sad ones. ;( 

Possible options: 

- Push out an update that adds a big warning dialog to the package
  pointing to the issues

- Obsolete the package with another password manager thats more secure. 
This is not very ideal though as it's unlikely to have the same
features and so on. 

- Update the package with a readme, etc on the issue, replacing the
  binary. This is non ideal as it's removing functionality (all be it
  insecure functionality). 

I guess I would say the first option is the best, but thats something
that the maintainer(s) of the package should put together, or at least
agree with someone creating. 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <>

More information about the devel mailing list