xdg-basedir for secrets

Thomas Kluyver thomas at kluyver.me.uk
Sat Jun 8 12:52:44 UTC 2019


On Fri, Jun 7, 2019, at 8:48 PM, Jonas DOREL wrote:
> To me, secrets are fundamentally different from data (even confidential
> data) because they serve as a means to authenticate you or authorize your
> utilisation of some services.
> 
> I guess the question is: should there be a dedicated folder for secrets
> or should they just be in XDG_DATA_HOME and managed differently by the
> applications (through your configuration)?

What would be functionally different if they were in a separate directory? What would be the practical advantage to using the hypothetical 'secret' directory rather than 'data'? What's the value in having different applications store their secrets in the same place? Hackers know which folder to steal first? ;-)

You started the thread with a mention of backups. I guess you want to exclude secrets from backups? Does it make a difference whether they're encrypted or not? Does it matter how strong the encryption mechanism or the key are? How useful would it be to specify a 'secrets' directory when there's no way to enforce the spec, so you can't assume it's the only place secrets are stored?

I don't think it's very useful to decide that things seem "fundamentally different". There are thousands of different kinds of data, and we could spend our entire lives arguing about what semantic categories they should go into. Focus on the practical impacts.

Thomas

