I use Debian for a few things, like a standalone for Signal, etc. Also for some dvms.
The keyring prompt (two or three of them) on boot (and during template update) is deeply irritating.
I see here that someone has suggested removing the from a debian-dvm template.
Okay, but what are the safety implications of this?
Can passwords be saved in a browser after this? Normally I use Keepasxc from Vault (banking, shopping sites) but for some things like forums (i.e. low risk), I let the browser handle the login details, either in dvm or persistent qubes.
In this convenience:security tradeoff, I am leaning to convenience - but is it too much?
Is removing gnome-keyring removing the Debian system’s ability - for all applications - to manage passwords securely?
What if you are just using one login for one dvm?
And why doesn’t Fedora do this? Am I less safe - or more - using a browser/app’s ability to remember login/password on Fedora
I am aware that the devs have given us Vault for a reason, I just don’t understand how important that is.
And so, is it safe to remove gnome-keyring on Qubes’ Debian templates?
I don’t think there is a point in using keyring if you don’t want to save multiple passwords in the same qube. You need to enter the keyring password to decrypt the keyring storage every time you start the qube, then why not just enter the password to the website/app/etc directly instead of saving it in the keyring.
Also the passwords in the keyring are only protected when the keyring is locked so it’s a protection from something like your qubes storage being leaked (e.g. your backup+backup password). So it’s a very rare case.