Current clipboard issue

[Gerhard A. Dittes]

Hi everyone,

I've recently sent out a "git formatted patch" to address a current Clipboard Manager (klipper) issue.

I'm a long-time Debian user and recently switched to Debian Trixie, as it's now in hard freeze.

One of my common workflows is to conveniently paste frequently used items via klipper (which IMHO is exactly what this clipboard manager is meant for).

At this point, I’d like to mention how great I find it that "pass" already has support for klipper (clearing), so I previously never had to worry much about sensitive clipboard contents!

All the more shocked I was recently, when I was working with a colleague at my computer and my passwords suddenly became visible every time I opened the klipper window via shortcut.

For me, this poses a major security risk, as I often work with colleagues at a shared machine. That’s why I first applied a local fix for myself.

However, it occurred to me that this issue could have much wider implications once Debian Trixie is released and a large number of users upgrade.

At first, I wanted to report the bug to the corresponding Debian maintainer, but after looking around I realized that many distributions are affected from this (at least all that I tried). So until all distributions implement their own solution, it might be more effective to address the issue upstream.

Therefore, the question is: can we consider my patch? (Or fix it in some other way? (Due to the existing comment right above the relevant code line, I assumed a simple, one-line patch would be more desirable than a more complex solution.))

Thanks & regards, Gerhard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://lists.zx2c4.com/pipermail/password-store/attachments/20250718/1abeda47/attachment.sig>