Closed Bug 1393151 Opened 4 years ago Closed 3 years ago

Remove the "Master Password Timeout" feature from SeaMonkey


(SeaMonkey :: Passwords & Permissions, enhancement)

SeaMonkey 2.54 Branch
Not set


(seamonkey2.54 wontfix, seamonkey2.55 fixed)

Tracking Status
seamonkey2.54 --- wontfix
seamonkey2.55 --- fixed


(Reporter: keeler, Assigned: frg)




(2 files)

In bug 1393143 we're removing some interface methods and attributes that aren't used in Firefox (or Thunderbird, or that matter). Among these are nsIPK11Token.getAskPasswordTimes, getAskPasswordTimeout, and setAskPasswordDefaults. Apparently these are actually used in SeaMonkey to implement the "Master Password Timeout" feature (Preferences -> Privacy & Security -> Master Passwords).

I'm having a hard time coming up with a reasonable threat model under which this provides any useful security, so I think it should be removed. If it's necessary to have, it can be reimplemented in code that lives in SeaMonkey itself rather than mozilla-central.
Assignee: nobody → frgrahl
Attachment #8918587 - Flags: review?(iann_bugzilla)
Version: unspecified → SeaMonkey 2.54 Branch
Summary: remove or reimplement the "Master Password Timeout" feature → Remove the "Master Password Timeout" feature from SeaMonkey
Comment on attachment 8918587 [details] [diff] [review]

LGTM r=me

I know it is not within the scope of this bug but Master Passwords and Passwords pref panels are looking very sparse these days, maybe they could be merged?
Attachment #8918587 - Flags: review?(iann_bugzilla) → review+
Pushed by
Remove "Master Password Timeout" feature from SeaMonkey preferences. r=IanN
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → seamonkey2.55
The last commit got my attention because of the following:

> + <li><strong>Log In</strong>: Log into the selected security device.</li>
>   <li><strong>Log Out</strong>: Log out of the selected security device. After

Please note that to "log in" is a verb - even a phrasal verb - a "login" is a noun. That means the following:

- One cannot "login" to something, but one can "log in" (or be "logged in") to something instead. 
- One cannot "log into" (or be "logged into") something either in the above context - phrasal verbs do not allow their "in" part to be combined with a following "to", as their meaning will simply change.
One can however "[dive] into" a pool, an application can "[log] into" a log file, or one can "paste a log into a textarea". Getting access to a website or other computer environment or device is by no means a justification to see this in another way.

This has come up in other bugs and is / should still be mentioned in the Sumo [1] and MDN [2],[3] (or any other) style guide respectively. The same thing applies to "sign in (to)". Afaict, Firefox and Thunderbird are not affected.

I’d suggest to file a separate bug for fixing all instances of "log into" and "logged into" in SeaMonkey (currently 6 in Help files). I’m willing to do so if no-one else is or has time.

Ton if you do a patch I would be happy to review it. Just a bit swamped right now to do it myself.
Flags: needinfo?(tonnes.mb)
OK, do you want me to attach it to this bug, or file a new one?
Flags: needinfo?(tonnes.mb)
Please file a new one. Big thanks.
See Also: → 1410646
No longer blocks: 2.56BulkMalfunctions


IanN can you set a+

Attachment #9041008 - Flags: review+
Attachment #9041008 - Flags: approval-comm-esr60?
Comment on attachment 9041008 [details] [diff] [review]

Attachment #9041008 - Flags: approval-comm-esr60? → approval-comm-esr60+
Pushed by
Follow-up: Fix missing closing sequences and correct text in help file. r=me
Comment on attachment 9041008 [details] [diff] [review]
Follow-up: Fix missing closing sequences and correct text in help file. r=me a=IanN
You need to log in before you can comment on or make changes to this bug.