(In reply to David Keeler (:keeler) from comment #89)
> * It still needs (at least) a review from a PSM peer. As far as I know, Kai
> is unavailable to do PSM reviews. Other peers are listed here:
> https://wiki.mozilla.org/Modules/All (search for "PSM")
I am the PSM module owner but I am not even a peer in the toolkit or
Firefox modules where the password manager lives. I am very interested
in removing all the master password prompts on all platforms.
I know very little about Linux compared to most of the people CC'd on
this bug; please be patient with me if I say something stupid.
1) I see in the patch that this is a build option that is off by
default. I would prefer it to be ON by default for all Linux desktop
builds, and if libsecret isn't available at runtime, then we just don't
use it and we disable the Firefox UI related to the Gnome Keyring. Is
there anything inherently wrong with doing it this way?
2) The patch contains a prompt that asks "Do you want to save master
password to system password manager?" But, this seems like the wrong
question. I think, instead, the "Change Password" dialog box should look
something like this:
(*) Protect my data with my system password (recommended)
( ) Use a master password:
New Password: [ ]
Confirm Password: [ ]
( ) Don't protect my data
If we did it this way, then we wouldn't need that separate prompt. Also,
this UI would work for all operating systems, AFAICT. (Note: I am not a
UX person and in theory a UX person should design the UI for this.
However, this may get blocked for a long time if we wait for a UX person
to design it, so I suggest you build a prototype UI and have the UX
people review it. If it works well on Linux then we could port the same
UI to other platforms.)
3) The Gnome keyring should never store/protect a password that the user
entered. Instead, it should store a randomly-generated key (e.g. 32
bytes of randomness from nsIRandomGenerator, or similar). NSS's
protection of the master password is very weak, and also users will
almost always choose relatively weak passwords, so using a random key as
the NSS password is important.
4) Some people at Mozilla are working on this "Sign into the browser" /
"Profile in the Cloud" thing, of which Sync is a part. See
https://wiki.mozilla.org/Identity/AttachedServices. I think it is
important to make sure that the people working on this feature discuss
it with the the Identity people to make sure that this work and that
work is compatible/complementary.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/217300
Title:
Seahorse integration
Status in The Mozilla Firefox Browser:
Confirmed
Status in “firefox” package in Ubuntu:
Confirmed
Bug description:
Binary package hint: firefox
The Seahorse SSH integration totally rocks!
Would it be possible to integrate Firefox with Seahorse to manage web site
passwords or the Firefox master password?
To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/217300/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
