Public bug reported:
As a user, I want to keep some specific secrets under special protection, i.e.
only manually unlocked on demand and not at login.
Everytime that I manually unlock a keyring, the password dialog contains a
preselected checkbox "Automatically unlock this keyring whenever I'm logged
in". To preserve the status quo (keyring not automatically unlocked) there is
always user interaction required to uncheck the checkbox. In other words,
seahorse defaults to reduce the level of security.
Expected behavior:
- The checkbox should not be preselected.
Rationale:
1. While there might exist cases where a user later wants configure a
keyring to unlock automatically, this is rather a rare case. It causes much
less effort to check the checkbox when you really want to instead of unchecking
it every time.
2. This is very very prone to user error. Here, user error affects security.
3. Once the checkbox is checked, this cannot easily be reverted because the
password dialog won't appear anymore.
- (Maybe) The checkbox should be completely removed.
See justification in https://bugzilla.gnome.org/show_bug.cgi?id=576676
(planned to be included 8 years ago)
I just found this bug has been reported and discussed upstream 3.5 years ago
with a patch submitted that has neither been released nor even reviewed. Now in
the 4th subsequent Ubuntu release users can still not benefit from it. Apart
from the bug itself, the kind of upstream bug-handling is very disappointing
for an app that is at the core of the OS security.
See: https://bugzilla.gnome.org/show_bug.cgi?id=725641
Version: seahorse 3.20.0-3.1
System: Ubuntu 17.10 Gnome Shell
** Affects: seahorse (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to seahorse in Ubuntu.
https://bugs.launchpad.net/bugs/1731757
Title:
When unlocking keyrings, seahorse should remember choice for
"Automatically unlock this keyring"
Status in seahorse package in Ubuntu:
New
Bug description:
As a user, I want to keep some specific secrets under special protection,
i.e. only manually unlocked on demand and not at login.
Everytime that I manually unlock a keyring, the password dialog contains a
preselected checkbox "Automatically unlock this keyring whenever I'm logged
in". To preserve the status quo (keyring not automatically unlocked) there is
always user interaction required to uncheck the checkbox. In other words,
seahorse defaults to reduce the level of security.
Expected behavior:
- The checkbox should not be preselected.
Rationale:
1. While there might exist cases where a user later wants configure a
keyring to unlock automatically, this is rather a rare case. It causes much
less effort to check the checkbox when you really want to instead of unchecking
it every time.
2. This is very very prone to user error. Here, user error affects
security.
3. Once the checkbox is checked, this cannot easily be reverted because
the password dialog won't appear anymore.
- (Maybe) The checkbox should be completely removed.
See justification in https://bugzilla.gnome.org/show_bug.cgi?id=576676
(planned to be included 8 years ago)
I just found this bug has been reported and discussed upstream 3.5 years ago
with a patch submitted that has neither been released nor even reviewed. Now in
the 4th subsequent Ubuntu release users can still not benefit from it. Apart
from the bug itself, the kind of upstream bug-handling is very disappointing
for an app that is at the core of the OS security.
See: https://bugzilla.gnome.org/show_bug.cgi?id=725641
Version: seahorse 3.20.0-3.1
System: Ubuntu 17.10 Gnome Shell
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/1731757/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
