On Mon, Sep 23, 2013 at 4:28 PM, Jim Blandy <[email protected]> wrote: > I don't even think we should *require* users to wipe sensitive data to > enable debugging. We should *offer* to do so, but forcing it seems like > building in the assumption that users who are choosing to develop can't > consider the consequences of that choice. Is that the way we want to treat > people?
I'm not sure what you mean here. If we assume that most users won't ever turn on debugging, and we assume that the attacker might turn on debugging. Then what is the purpose of asking about wiping the phone at the time of turning on debugging? The only thing in that direction I could see doing would be to ask at the initial phone boot if the user wants to enable security features like "wipe on debug turn-on". But I doubt that we'll be ok with adding UI during the first-time-run specifically about developer features. / Jonas _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
