Check usage of "SecondEmail" in enigmailKeyManager.js
Categories
(MailNews Core :: Security: OpenPGP, defect, P3)
Tracking
(thunderbird_esr102 wontfix)
| Tracking | Status | |
|---|---|---|
| thunderbird_esr102 | --- | wontfix |
People
(Reporter: thomas8, Assigned: mkmelin)
References
(Blocks 2 open bugs)
Details
Attachments
(1 file)
Let's remove double-check on the uses of "SecondEmail" from encryption territory to prevent cunning bugs!
(In reply to Thomas D. (:thomas8) from Bug 1782481 comment #0)
+++ This bug was initially created as a clone of Bug #1777156 +++
We're no longer using "SecondEmail" now that we support more.
So instances of "SecondEmail" in the code have a high risk of causing weird bugs.
We should eliminate those instances before wasting resources on such bugs.
|
Reporter | |
Comment 1•2 years ago
|
||
Kai, are you able to estimate/shortly describe the user impact/severity of using only "SecondEmail" in enigmailDowloadContactKeysEngine(), i.e. skipping all email addresses except the first on each contact?
Should we raise the Priority/Severity here (currently set at P3/S3)?
(In reply to Thomas D. (:thomas8) from comment #0)
Let's remove uses of "SecondEmail" from encryption territory to prevent cunning bugs!
|
|
Reporter | |
Updated•2 years ago
|
|
||
Comment 2•2 years ago
|
||
(In reply to Thomas D. (:thomas8) from comment #1)
Kai, are you able to estimate/shortly describe the user impact/severity of using only "SecondEmail" in
enigmailDowloadContactKeysEngine(), i.e. skipping all email addresses except the first on each contact?
That's inside a commented block (unused code), so OpenPGP won't be affected.
|
||
Updated•2 years ago
|
|
Assignee | |
Comment 3•2 years ago
|
||
|
||
Updated•2 years ago
|
|
|
Assignee | |
Updated•2 years ago
|
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/6281025f7a52
Remove some dead code from enigmailKeyManager.js. r=kaie
Description
•