Secrets management for Flatpak applications

At this year’s GUADEC, I talked about how Flatpak applications could manage user secrets such as passwords. It has now been summarized as an article on

TL;DR, the points are:

  • If your app is using libsecret and you are willing to avoid unnecessary exposure of D-Bus Secret Service API to Flatpak sandboxes, we recommend to stick with (or port to) the simple API of libsecret
  • libsecret and co. are still maintained and your help is greatly appreciated! :-)

Talk on TLS 1.3 APIs

I have been recently working on TLS (Transport Layer Security) libraries, in particular GnuTLS and NSS. For the last few years there had been a lot of activities in upstream implementing the latest standard, which officially came out as TLS 1.3. While the protocol design drastically changed from TLS 1.2, applications usually don’t need to be modified to just enable TLS 1.3; that is a good thing. On the other hand, a new API set is added to support the new concepts in TLS 1.3, such as 0-RTT mode.

In January, I had a chance to talk at (and later FOSDEM) to go through those new APIs (slides, recording), which I hope application developers might find useful. Note that the APIs are still changing as we continue adding remaining features to the libraries.