Closed
Bug 652345
Opened 14 years ago
Closed 14 years ago
SecureMail extension should encrypt password reset mail regardless of group membership if the user has provided a key
Categories
(bugzilla.mozilla.org :: Extensions, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: justdave, Assigned: gerv)
References
Details
(Whiteboard: [securemail])
Attachments
(1 file, 1 obsolete file)
1.45 KB,
patch
|
dkl
:
review+
|
Details | Diff | Splinter Review |
What the summary says... The SecureMail extension should encrypt password reset mail regardless of group membership if the user has provided a key to encrypt it with in their preferences.
Assignee | ||
Comment 1•14 years ago
|
||
This should do the trick. Gerv
Assignee: nobody → gerv
Status: NEW → ASSIGNED
Attachment #528118 -
Flags: review?(dkl)
Attachment #528118 -
Flags: feedback?(justdave)
Comment 2•14 years ago
|
||
Comment on attachment 528118 [details] [diff] [review] Patch v.1 Review of attachment 528118 [details] [diff] [review]: ::: extensions/SecureMail/Extension.pm @@ +220,2 @@ $make_secure = 0; + t/001compile.t ....... 30/176 Missing right curly or square bracket at ./extensions/SecureMail/Extension.pm line 326, at end of line syntax error at ./extensions/SecureMail/Extension.pm line 326, at EOF Compilation failed in require at Bugzilla/Extension.pm line 82.
Attachment #528118 -
Flags: review?(dkl)
Attachment #528118 -
Flags: review-
Attachment #528118 -
Flags: feedback?(justdave)
Assignee | ||
Comment 3•14 years ago
|
||
No idea what happened there; a typo just before I uploaded. Try this. Gerv
Attachment #528118 -
Attachment is obsolete: true
Attachment #528146 -
Flags: review?(dkl)
Updated•14 years ago
|
Component: Bugzilla: Other b.m.o Issues → Extensions
Product: mozilla.org → bugzilla.mozilla.org
QA Contact: other-bmo-issues → bmo-exts
Version: other → Current
Updated•14 years ago
|
Whiteboard: [securemail]
Comment 5•14 years ago
|
||
Comment on attachment 528146 [details] [diff] [review] Patch v.2 Review of attachment 528146 [details] [diff] [review]: Looks good. Today I added an extensions/SecureMail/template/en/default/pages/securemail/help.html.tmpl that is a copy of the BMO/Keys wiki text. Please update the text to show that having a key uploaded will always encrypt password reset emails regardless of group membership. r=dkl
Attachment #528146 -
Flags: review?(dkl) → review+
Assignee | ||
Comment 6•14 years ago
|
||
Committing to: bzr+ssh://bzr.mozilla.org/bmo/4.0/ modified extensions/SecureMail/Extension.pm Committed revision 7630. dkl: why move that help text into a page.cgi page rather than the wiki page? Surely that just makes it harder to update? Gerv
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Reporter | ||
Comment 7•14 years ago
|
||
If it's on the wiki, any Joe off the internet can come and edit it, unless we lock the page. Locking the page makes it equivalently hard to edit as having it as a page.cgi template (find someone with the right permissions to edit it).
Assignee | ||
Comment 8•14 years ago
|
||
(In reply to comment #7) > If it's on the wiki, any Joe off the internet can come and edit it, unless we > lock the page. Locking the page makes it equivalently hard to edit as having > it as a page.cgi template (find someone with the right permissions to edit it). Or we watch it and revert bogus edits. What could they change it to do? Do you think if it said "mail your private key to bugzilla-keys@gmail.com" anyone would be that dumb? Gerv
Comment 9•14 years ago
|
||
Reason being is that we want anyone that wants to be able to use the extension on their own Bugzilla instance. So the help for the extension needs to be self-contained and not always pointing to Mozilla's wiki. The wiki page could change or go away and then everyone's help links become broken. dkl
Reporter | ||
Comment 10•14 years ago
|
||
(In reply to comment #8) > Do you think if it said "mail your private key to bugzilla-keys@gmail.com" > anyone would be that dumb? Yes. Because I've seen it happen. Phishing on the Internet wouldn't exist as a problem if everyone was smart enough to avoid that kind of thing.
Comment 11•13 years ago
|
||
Comment on attachment 528146 [details] [diff] [review] Patch v.2 Review of attachment 528146 [details] [diff] [review]: ----------------------------------------------------------------- ::: extensions/SecureMail/Extension.pm @@ +208,5 @@ > } > } > elsif ($is_passwordmail) { > + # Mail is made unsecure only if the user does not have a public > + # key and is not in any security groups. So specifying a public cool test review @@ +211,5 @@ > + # Mail is made unsecure only if the user does not have a public > + # key and is not in any security groups. So specifying a public > + # key OR being in a security group means the mail is kept secure > + # (but, as noted above, the check is the other way around because > + # we default to secure). test patch review
Updated•5 years ago
|
Component: Extensions: Other → Extensions
You need to log in
before you can comment on or make changes to this bug.
Description
•