Closed Bug 735157 Opened 12 years ago Closed 12 years ago

unable to reset password for accounts in security groups that require encrypted email if you haven't provided a public key

Categories

(bugzilla.mozilla.org :: Extensions, defect)

Product:
bugzilla.mozilla.org
Component:
Extensions
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: glob, Unassigned)

Details

the securemail ext has:

  # Mail is made unsecure only if the user does not have a public
  # key and is not in any security groups. So specifying a public
  # key OR being in a security group means the mail is kept secure

if you're in a security group which has encrypted bugmail enabled, but you haven't provided a public key, you are unable to change your password.


for password emails we should use the existence of a public key only, not group membership.
justdave pointed out on irc that this is most probably by design.
this looks right after a quick reading of bug 190945.

the password reset email which is sent when you haven't provided a key looks like:

> This email would have contained sensitive information, and you have not set 
> a PGP/GPG key or SMIME certificate in the "Secure Mail" section of your user 
> preferences.
> 
> You will have to contact bugzilla-admin@mozilla.org to reset your password.

which is very clear about what happened and what needs to happen for someone to reset their password.

--> wontfix
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Yep; I think the line is "this group needs to be secure; provide a public key or suffer reduced service", not "you have the option of providing a public key to take part in making this group more secure, but you don't have to".

Gerv
Component: Extensions: SecureMail → Extensions
You need to log in before you can comment on or make changes to this bug.