[RFE] Add a warning if the user decides to not install PSM



16 years ago
a year ago


(Reporter: Matti, Assigned: Curt Patrick (gone))


Dependency tree / graph

Firefox Tracking Flags

(Not tracked)




16 years ago
Many Users don't know what PSM means.
It would be nice if the installer popup a warning if the user decide to not
install PSM.XPI
We get many bugs from users who can't visit HTTPS pages.
(see bug 47617 for the new Necko error message)

"Warning: PSM is needed for SSL. If you not install PSM you are not able to
visit HTTPS pages"
Changing all three installers to add pop up warnings when arbitrary components
are deselected would be a fair amount of work. I'd prefer one of a number of
simpler config.ini solutions we could do without changing the code. Off the top
of my head the obvious ones are

1) change the component text. The name listed is already the expanded "Personal
Security Manager" not PSM (for the benefit of folks reading the bug) but we
could perhaps add "(required for HTTPS, etc.)" to the end of either the name or

2) Don't make PSM optional, always install it (the solution used by Netscape 6.x
and my preference)

I'm not sure why PSM is optional in the first place. It might just be
historical, or there might be good mozilla.org reasons. Are there enough people
who want the smaller non-crypto browser to justify the number of confused
people? Especially in light of the number of people who download the tarball/zip
versions with no optional pieces whatsoever?
I would agree to choice 1).  Add something to the text.  An alert would piss me
off if I unselected PSM which I do on occasion if I just want to download an
older build to test a rendering.

Can we get something in for 0.9.8 ?  Anything we can do to decrease the number
of bugs filed on this would be great.  More QA time can be spent on other bugs.
Keywords: mozilla0.9.8
Hardware: PC → All

Comment 3

16 years ago
The current text was obviously not thought out AT ALL.

Look at the Navigator description. does it just repeat 'Navigator' uselessly?

Look at QFA... *clearly* explains what it does in 7 words. Can we s/crashes to
Netscape/crash data to developers/ here?

Even mailnews clarifies what it is, though E-mail really should be hyphenated.
But that's another battle.

PSM's current description is:
  Personal Security Manager (PSM) for crypto operations
  \----------1------------/ \-2-/     \-------3-------/

1: Start off by wasting half the limited space we have by repeating what they
just clicked on.

2: Now, waste 6 more chars of space giving an abbreviation for no reason

3: Now, say it's for something no user has ever heard of, or thinks they'll need.

So of course there's people posting to the newsgroups daily asking why https
doesn't work, or what the 'No socket' error is for.

> 2) Don't make PSM optional

No! I often skip PSM install as I update mozilla daily... saves some disk space
(I usually have a month of old mozilla installs around, so *30) and download
time. All 3 of the https sites I need to use are IE-only, so unless I know I'll
need it for some reason, I skip it, and XPI it when I rarely end up wanting it.

Also, there are ugly import/export problems with PSM, which a commercial product
like Netscape can manage, but would be bad for Mozilla.org.

Also, eventually, and ideally, there will be alternate SSL implementations.

So, suggestions to make it more clear:
  Cryptography component - required for HTTPS, S/MIME, SSL, etc. support
  Crypto support, required to do SSL (HTTPS), S/MIME, and whatever

Pick one or a combination of the above, and let's get this in, so we don't have
another round of confused users for 0.9.8. Should I file a separate bug for the
small QFA wording change?

Comment 4

16 years ago
I agree 100% with dveditz, and think the answer to his first question is "No". 
However, I'd hate to piss off these 2 guys, and #1 should be sufficient.  Syd, I
think this has a high bang/buck ratio, could we get some suitable text from Doc
and substitute it?

Comment 5

16 years ago
wow talking about inconsistent, i just grabbed the nightly w32 stub installer, 
here are the items i got:

Navigator - Web Browser
Mail & Newsgroups - Email and Newsgroup Software
Personal Security Manager - Personal Security Manager (PSM) for crypto 
Chatzilla - IRC Client
Debugger - JavaScript Debugger
Inspector - DOM Inspector
Quality Feedback Agent - Tool for reporting software crashes

what's good:
1. QFA description is good
2. CZ description is ok, people might argue we don't explain what IRC is, but 
there isn't that much space and saying it's a chat client might result in bugs 
that it doesn't support AIM Chat

what could be improved:
Navigator - Browser core. secure browsing requires a component that implements 
Personal Security Manager - implements https, smime, and other cryptographic 

Reasons why navigator should have an https reference: we can cross link it to 
another component (actually a real link might be spiffy, but for now the user 
will be the cross link). If there is no optional component that lists https 
then the user will know that https isn't available out of the box by using this 
installer. Navigator is the active item in the installer, so that means the 
description will be visible when the user first reaches this screen.

Unfortunately it appears that each installer platform is different, i'm going 
to get a mac or linux box and see what they say (mpt implies that PSM isn't in 
his list...)

Comment 6

16 years ago
dveditz, as I said in bug 47617,
*   HTTPS is optional because (as Timeless took a very long time to say) we
    want Mozilla to be distributable in places where HTTPS is unimplemented
    (e.g. QNX), unnecessary (e.g. some kiosks), or illegal (e.g. Iran).

I think the *name* of the PSM component should be changed from `Personal 
Security Manager' to `HTTPS and S/MIME support' or similar. (I'm assuming you 
can't do anything useful with PSM if it's the only item you install.)

Comment 7

16 years ago
> I think the *name* of the PSM component should be changed [...] to `HTTPS and
> S/MIME support'

"Personal Security Manager" is a distinct product which includes things such as
certificate management, etc, so I think the installer should continue to refer
to it by its real name. HTTPS, and S/MIME are the sort of things that should go
in the description field. (as shown in my suggestion, comment 3).

Also, let's move PSM up one in the installer, so it's right after Navigator.
Puting it after Mail & News makes it get lost in the rest of the bloat a lot of
people don't want. They might see MailNews and just start unchecking everything
after it figuring it's non-browser stuff.


16 years ago
Target Milestone: --- → Future
The descriptions are getting re-worked in bug 123975. I'm trying to get an
improved PSM description into that bug.
Depends on: 123975

Comment 9

16 years ago
This bug also talks about moving PSM to a different location in the components
list which I believe is of interest to ns so I'm adding greggl to the cc list.
PSM is invisible/required in commercial, so order and wording don't matter
there. This Mozilla-only problem comes about because PSM is optional for the
convenience of the extremely small (but exceptionally important) minority of
people who download daily test builds. But for the hundreds of thousands of
casual users who download milestone builds we'd like to make it unlikely or
impossible for them to skip PSM because it just leads to confusion and complaints.

I suppose another option would be to add the INVISIBLE attribute on milestone
branches, and leave PSM optional only in nightly builds. That would be a pain to
remember to do each cycle -- let's try rewording/reordering this component first
and see if that helps.

Comment 11

16 years ago
I'll get things going on Windows.
Assignee: syd → curt

Comment 12

16 years ago
Adding cotter for possible comment on PSM description.

Comment 13

16 years ago
I have no problems if we close this bug.
We had no bugs reports in the last few weeks about a not installed PSM.

Comment 14

16 years ago
I guess if users aren't complaining, that is the ultimate test.
Last Resolved: 16 years ago
Resolution: --- → WONTFIX

Comment 15

16 years ago
Product: Browser → Seamonkey
Depends on: 1296802
You need to log in before you can comment on or make changes to this bug.