[squeak-dev] #clearCredentials vs. ModificationForbidden

Marcel Taeumel marcel.taeumel at hpi.de
Thu Jun 11 06:23:20 UTC 2020


Hi Chris.

> There's an opportunity to improve the system by mere deletion.

Well ... Monticello needs file-system access anyway for the package-cache. So, I think you are right. :-)

Best,
Marcel

On 11.06.2020 03:22:00, Chris Muller <asqueaker at gmail.com> wrote:
> Hi Marcel,
>
> > this reads like the central password-safe storage Tobias proposed earlier in this thread.
>
> Okay, but #userAndPasswordFromSettingsDo: exists and works now.  There's an opportunity to improve the system by mere deletion.
>
> > That storage can be in the file system anyway or use a dedicated interface to the VM to wipe its contents from the object space.
>
> Except we're not wiping the contents on image save, so everyone's passwords are being left in dozens of images.  People reuse sensitive passwords.  We should care about that.
>
> > I would rather not hard-code it to always rely on file-system access though. :-) Squeak runs without even having access to .changes file.
>
> For this, please prioritize for security first.  Monticello doesn't run without the filesystem.  We have an easy opportunity to better safeguard private user data. Is there something else that's rubbing you wrong about this idea?
>
> Best,
>   Chris