Bug 448357

Summary: Distinguish between different operations on the wallet (like reading keys, adding keys, testing integration, etc)
Product: [Applications] kwalletmanager Reporter: myndstream
Component: generalAssignee: Valentin Rusu <valir>
Status: RESOLVED NOT A BUG    
Severity: task CC: fella, mk.mateng
Priority: NOR    
Version First Reported In: 20.12.2   
Target Milestone: ---   
Platform: Debian stable   
OS: Linux   
Latest Commit: Version Fixed/Implemented In:
Sentry Crash Report:

Description myndstream 2022-01-13 12:40:54 UTC 
SUMMARY
For example when installing a package with pip, it requests access to the main wallet of Kwallet. It just says that it requests to "open" the wallet with no further info on what it would do (or why).

I'd like to know what pip does to the wallet, especially if I was to press Allow, rather than Deny there.

If this is not yet possible, I guess this is about adding different types of distinct permissions for operations on the wallet (like reading keys, adding a key, "testing integration" whatever that means, etc).

See:
https://github.com/pypa/pip/issues/8719
https://askubuntu.com/questions/1205161/annoying-kde-wallet-service-popup-the-application-kded5-has-requested-to-open


STEPS TO REPRODUCE
1.  Install a package with pip install --user package

OBSERVED RESULT
A user prompt appears without useful detailed info about KWallet-wallet access.

EXPECTED RESULT
No prompt should appear because it should not access the wallet, but if it does, it should have good detailed information about what it does exactly and why.

SOFTWARE/OS VERSIONS
Linux/KDE Plasma: Debian 11
KDE Plasma Version: 5.20.5
KDE Frameworks Version: 5.78.0
Qt Version: 5.15.2
KWallet: 20.12.0-1 (that's missing from your dropdown here)

ADDITIONAL INFORMATION
Comment 1 michaelk83 2022-09-06 07:41:44 UTC 
Related to Bug 451039, but more granular. This would need access control for each API method (or group of methods), which can quickly get too confusing for most users (and annoying, if they'll need to Allow/Deny too often).
Comment 2 Tobias Fella 2026-02-11 13:13:50 UTC 
KWallet's security model - or rather, the security model of the traditional, non-sandboxed linux system - doesn't really support allow us to do this in a reliable, safe way. With sandboxed apps and portals it will be possible to do a better job here, but then we're not looking at the kwallet API anymore anyway.