=== TheMaster is now known as Unit193
hallynsay, anyone here very well versed in the translation stack? xlm2po and itstool and such?14:43
hallynPieces of the german manpages for shadow are coming out untranslated, and i've not yet figured out why.  but it's all black magic to me14:44
rbasakhallyn: try #ubuntu-devel maybe? Gunnar is the person I'd ask but it doesn't look like he's online right now.15:08
BloatJanitorWhy isn't the default for smartcards to lock on removal?15:16
leosilvasarnold: do you have a design answer for that question ^ 15:27
BloatJanitorThat is Gnome's default but it seems the default doesn't make much sense for people that actually use the feature.15:42
JanCit depends on who uses it for what, I suppose15:42
BloatJanitorThe other option listed is forced-logout. I just don't see an actual usecase where you wouldn't want one of the two action behaviors.15:48
JanCBloatJanitor: I agree that a automatic lockscreen makes a lot of sense; probably best file a bug upstream with Gnome about that16:33
JanCbut I assume some people just want to use a smartcard to login, but also be able to keep using their system while using the smartcard for something else (at home or in another place where everyone is trusted, I suppose)16:37
JanCmaybe the default is just because it's less likely to lock you out of your system in case something is flaky or otherwise doesn't work well...16:39
BloatJanitorI only mention it because I haven't see a single guide, STIG or otherwise that doesn't have it changed to lock or logout16:47
BloatJanitor(For using smartcards on linux on gnome)16:47
BloatJanitorEven healthcare and education guides are mentioning it16:48
JanCBloatJanitor: maybe that's why they don't make it default: people who really need it in a professional setting probably already know how to configure that, while tinkering home users won't be locked out of their account as easily?17:08
BloatJanitorDoesn't that happen anyways by... not having a smartcard?17:10
BloatJanitorThe userbase of smartcards is prosumer or professional use by default. Does a single consumer PC exist with a builtin smartcard reader?17:12
JanCeveryone in Belgium & several other EU countries has a smartcard (ID cards are smartcards)17:12
BloatJanitorBy that rationale my credit card is a smartcard17:13
JanCand you need that to file your taxes, access healthcare/social security etc.17:13
JanCso most people here have a smartcard reader too17:13
BloatJanitorSo explain the usecase. Your browser USB API connects to the reader to login to health data CRM?17:14
BloatJanitorMind, this is specifically about login tied smartcards17:15
JanCthere is a browser security plugin that can access the certificate on the card after you enter a PIN, but you can also use it for login to your desktop (most people don't do that, but I could see some trying it...)17:16
BloatJanitorSo wouldn't you want to secure said user who chooses an extra layer of security as a sub-niche of a sub-niche of a sub-niche? After all If they login and look up their health data then looking at their driving renewal, that would be a single use instead of three times?17:18
JanCthe browser is separate from the Gnome login17:19
BloatJanitorWhich is exactly my point17:19
BloatJanitorIf you're using both it matters. If you're using one it doesn't.17:19
JanCthe browser plugin drops the certificate when the card disappears, so that is secure (now)17:21
BloatJanitorWhich has what do to with the login?17:22
JanCanyway, you betetr ask Gnome upstream for their motivations, I'm just giving you possible reasons of why the default is like it is now17:24
BloatJanitorIf you're using a smartcard to login, there is a rational or irrational reason to fear your environment by default in non-compliance conditions.17:24
JanCI just know some people configured it to login using their eID—mostly because they could, not because they have to—but they might not necessarily want the card in the slot all the time  :)17:24
JanCand those people don't have any compliance to care about17:24
BloatJanitorCan you come up with a usecase in which they wouldn't while also needing to use the computer?17:25
JanCmany, but they all involve people who don't really require smartcards (for compliance/security reasons)17:34
JanCe.g. if I would set up a system at home to log in using my eID/smartcard, I would want to be able to put away my eID in my wallet immediately, so that I don't forget it when leaving the house  :)17:35
JanCbut again: for the actual reasoning about the default, ask upstream17:36
JanCmaybe if your smartcard reader has a habit of going to sleep or reset after a while, or the card gets "disconnected" easily if you accidentally bump it, that could be annoying too if you get logged out/locked out every time that happens...17:46
hallynrbasak: thanks.  travelling, but will ping him when i will be at kbd for more than a few mins21:40

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!