Closed Bug 1831387 Opened 2 years ago Closed 2 years ago

Override core String pp-empty-warning in Thunderbird

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

Product:
MailNews Core
Component:
Security: OpenPGP
Version:
Thunderbird 114
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX
Milestone:
114 Branch

People

(Reporter: KaiE, Unassigned)

References

Details

(Whiteboard: [snnot3p])

Firefox core has a string that I'd like to override in Thunderbird, is that possible?

https://searchfox.org/mozilla-central/rev/5c922d8b93b43c18bf65539bfc72a30f84989003/toolkit/locales/en-US/toolkit/preferences/preferences.ftl#12-13

I'd like to override pp-empty-warning to say:

"Your stored passwords and private keys will not be protected, except OpenPGP private keys for which you have set a passphrase."

Flags: needinfo?(rob)
See Also: → 1679278
Whiteboard: [snnot3p]

Maybe it's better to just update the toolkit string to say "Your stored passwords and private keys will not be protected by the Primary Password".
Which holds for all cases.

Good idea, this would work for me.
I'll file a toolkit bug.

(In reply to Magnus Melin [:mkmelin] from comment #1)

Maybe it's better to just update the toolkit string to say "Your stored passwords and private keys will not be protected by the Primary Password".
Which holds for all cases.

Well, I was too quick with my +1, I'm no longer sure.

One could argue, if the user has removed the p.p., then there's none, and then it might be strange to talk about THE p.p.

Also note that the above mentioned string will be shown in combination with pp-erased-ok, so the new suggested string would have to make sense in that combnation.

Also look at the linked ftl file, this substring is shown in combination with another string "Warning! You have decided not to use a Primary Password." and I think it would sound wrong to combine that with text that talks about THE p.p.

Maybe we could change "private keys" to "private keys of your certificates".

While some OpenPGP software uses the term "certificate" also for "OpenPGP public keys", Thunderbird doesn't use that term for OpenPGP public keys. So one could argue that's sufficient.

See Also: → 1831575

Turns out this is pretty easy to do.

In /comm/mail/locales/jar.mn:

[localization] @AB_CD@.jar:
  browser                                                               (%browser/**/*.ftl)
  messenger                                                             (%messenger/**/*.ftl)
  toolkit/preferences/preferences.ftl                                   (%toolkit/preferences/preferences.ftl)

Add the toolkit/ line.

Then, copy /toolkit/locales/en-US/toolkit/preferences/preferences.ftl to /comm/mail/locales/en-US/toolkit/preferences/preferences.ftl and make the changes you need.

Unfortunately, it looks like in terms of the strings in that file, it's all or nothing. And since we cannot change the string id's... doing this is a bad idea.

  • do a string migration for strings we are not changing, copying from toolkit to mail.
  • Do not migrate the strings being changed
  • Translators will see the un-migrated strings as new and be able to translate
    but
    If we ever needed to change any of those strings in the future, they'd new new IDs, but we don't have the HTML in our tree...

To do this right, we can use chrome registration overrides to override the HTML and JS for changemp.xhtml and removemp.xhtml (and .js). At that point, you're free to do whatever you want. But that string is only loaded via JS functions, so you will end up copying huge functions just to replace a couple of strings.

Could a message go in the Settings page near the "Change Primary Password" button that says that it doesn't protect OpenPGP keys? Then there's no need to change the Primary Password dialogs.

Flags: needinfo?(rob)

Rob, thanks for investigating.

I agree we should avoid extra work, and should not duplicate those strings.

I'm making progress in bug 1831575, we will probably land a string that avoids the confusion in the wording.

The updated string in bug 1831575 will talk specifically about "certificate private keys", which means it's clear it isn't talk about OpenPGP private keys, and I'm ok with that. (It avoids having to explain the potential difference of protection levels of OpenPGP private keys in that string.)

(In reply to Rob Lemley [:rjl] from comment #5)

Could a message go in the Settings page near the "Change Primary Password" button that says that it doesn't protect OpenPGP keys? Then there's no need to change the Primary Password dialogs.

That string would have to show a more detailed statement. Because OpenPGP private keys can be protected EITHER by the primary password OR by an individual passphrase, and users could have a mix, based on what they decide to do. And there isn't a trivial way to query the existing protection mechanism for the user's keys, so I wouldn't want this string to be dynamic either.

I'm marking this as wontfix, in the hope that we'll succeed with the change in bug 1831575, and declare that an acceptable solution.

Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.