Store log in from WebDM

Seth Arnold seth.arnold at canonical.com
Fri Apr 10 23:37:16 UTC 2015


On Sat, Apr 11, 2015 at 01:28:13AM +0200, Loïc Minier wrote:
> Yup, but at least we will only request the master Ubuntu password when
> connected to the real Ubuntu website rather than passing it to the device
> unencrypted; only the allowed token is then passed to the device. Maybe
> that token can only access the store, or it can be revoked, but it feel
> less of a danger than passing the actual password?

What operations (or which data) would be available to the password that
aren't available to the token?

Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/snappy-devel/attachments/20150410/88e9c3ed/attachment.pgp>


More information about the snappy-devel mailing list