We considered a web widget, but it's not really any better than a custom client. A random app can show you some HTML that asks for your Launchpad password, just as a random app can ask for your Launchpad password directly.
We treat the browser as a trusted client not because it displays HTML, but because the user has already entered their Launchpad password into it many times. When a third-party application asks for the Launchpad password the user must make a decision to trust that application. When a third-party application spawns a new tab in the browser the user was already using, the user doesn't have to make that decision. We're falling back to a position of a few standard non-browser clients mainly so that people don't write their own code. Since first commenting on this bug I've heard of third-party clients that eg. crawled through the user's Firefox profile looking for a saved Launchpad password. That's just sick. -- manage-credentials should not ask for Launchpad password directly https://bugs.launchpad.net/bugs/387297 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
