https://bugs.kde.org/show_bug.cgi?id=359593
Jan Kundrát <j...@kde.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #9 from Jan Kundrát <j...@kde.org> ---
(In reply to msjasinski from comment #7)
> Where do I find (and extract) this so called 'connection log'?
IMAP -> Debugging -> Show IMAP Connection Log (and there's also an option to
log into a file).
> Firstly, the dialog showing IS annoying; it is NOT NOT annoying (even if it
> happens rarely, but unlike you write "when starting trojitá" - not
> necessarily true, it happens also while the app is running).
Nobody of us use Windows. On some window managers on other platforms, the
visual action which happens as a result of a QMessageBox is a pop-up which does
not pop-up to the foreground until the application window gets focus -- i.e.,
if you are working on something else, you won't get interrupted at all.
According to your report, Windows happens to work differently (and the new KWin
in Plasma5 shares this behavior). That might explain why it's a high-profile
blocker issue for you, and "meh, so what" for Thomas and me.
Anyway, this is bug 342940.
> Secondly, what sort of statement is that it is "sort of a gmail specific
> thing"?
Trojita uses TLS key pinning, which means that we do not fully subscribe to the
arguably broken CA model which is now pretty common with X.509 certificates,
where any party among the several hundred of companies can issue any
certificate to any possible domain name, and our systems would still call it
valid -- in other words, a Chinese, Turkish, Russian agency or for example NSA
can (and some of them do, every now and then) issue a certificate to steal your
GMail (or work, or private, or whatever) credentials.
This is a serious problem which is hard to solve (consult all the screaming
about self-signed certs that the web browsers do). Some browsers such as Chrome
ship with a list of pinned TLS keys, where the application starts screaming
badly when the underlying key changes ("key" is what allows one to decrypt the
communication, it is not provided by the CA. "Cert" is something which is
public knowledge, it's issued by a CA, and it's *based on* some private key. In
other words, an attacker who is able to persuade a trusted CA to issue a fake
cert for the attacker's key can get your data.)
> Apart from fact that it may be true. Trojita can use a single
> mailbox; in my case (and half the internet users) it is gmail?
I've heard reports that GMail is special in that they apparently cycle through
private *keys* very often -- hence the weekly prompts. That of course breaks
the TLS key pinning if it really happens. However, it has never happened for my
GMail account as far as I can tell. How come?
> > we can hardly just stop telling you that there was some error (and the core
> > functionality is no longer given)
>
> Fact is, core functionality is still in given. The message is just an
> annoying sign that the app has had a moment of weakness, but it keeps
> running nonetheless.
You guys are each speaking about something else. Thomas says that whenever the
network connection disconnects for some reason (either a crappy cable modem, a
flaky wifi, a broken system configuration, a bug in Qt's network session
management, a bug in some bearer plugin, or a scheduled maintenance on the
remote IMAP server for example), Trojita has to somehow recover form this
condition. Right now, this involves resetting some state, for example the list
of open mailboxes. It's a result of the interrupted network connection, and
it's fair to report that to the user. I agree with Thomas.
You're saying that you do not claim that Trojita is broken, and that you're
merely pointing out that this particular property tends to get annoying --
especially given that the popup dialog is apparently modal on Windows, and that
it interrupts your workflow. You're also right.
> > => Jan, the only resolution I could think of was to defer such messages
> > until the main window gets shown/activated (though the downside of this is
> > that you'll get informed "late" about the dysfunction), at least on windows?
>
> This is not the problem. I can click Alt-Tab and achieve the same effect.
I think that a passive pop-up fully enclosed in the app's main widget is the
way to go -- maybe with a sysray or systemwide notificaiton mechanism.
*** This bug has been marked as a duplicate of bug 342940 ***
--
You are receiving this mail because:
You are watching all bug changes.
