Closed
Bug 885864
Opened 11 years ago
Closed 6 years ago
Warn or Potentially Block the User from setting the date & time in the past
Categories
(Firefox OS Graveyard :: Gaia::Settings, defect)
Tracking
(tracking-b2g:backlog)
RESOLVED
WONTFIX
tracking-b2g | backlog |
People
(Reporter: jsmith, Unassigned)
References
Details
There are many things that go wrong when the date and time in the past - especially around certificate error handling. We should either warn or potentially block the user from setting the date and time in the past. This aims to provide mistake proofing to avoid putting users into a bad state.
Reporter | ||
Comment 2•11 years ago
|
||
TCL is claiming this is a blocking issue for one of the carriers in the dupe, so I'm noming this to block.
blocking-b2g: --- → leo?
Reporter | ||
Comment 3•11 years ago
|
||
Also - this needs UX input on what we should do here to address the operator blocker requirement for this bug.
Flags: needinfo?(firefoxos-ux-bugzilla)
Updated•11 years ago
|
Flags: needinfo?(rmacdonald)
Reporter | ||
Comment 5•11 years ago
|
||
Per Joe's email, this bug was not cited as one of the blocking issues anymore. Pulling nom.
blocking-b2g: leo? → ---
Comment 6•11 years ago
|
||
Unless this is a hard (partner/certification) requirement, UX would rather not punish the user for wanting set time/date back in time, as they might to synchronize their phone to a wristwatch, or as they might after traveling and not having auto-set work. In this case, they could conceivably need to set time/date back a whole day in the future. Please leave the design as-is for now.
Flags: needinfo?(rmacdonald)
Reporter | ||
Comment 7•11 years ago
|
||
(In reply to Stephany Wilkes from comment #6) > Unless this is a hard (partner/certification) requirement, UX would rather > not punish the user for wanting set time/date back in time, as they might to > synchronize their phone to a wristwatch, or as they might after traveling > and not having auto-set work. In this case, they could conceivably need to > set time/date back a whole day in the future. Please leave the design as-is > for now. That's a bad idea. SSL is designed such that there are set timeframes when certificates are valid. So there will be timeframes when the you can potentially put the user into a footgun on the phone if they set their time too far in the future or too far in the past, which will break many phone functions as a result (see the dupe for impact). As the reporter cites, that's not acceptable by any means. We need to figure out a path forward that protects against the user foot gun. Sending this back to UX to discuss again to figure this out.
Flags: needinfo?(firefoxos-ux-bugzilla)
Comment 8•11 years ago
|
||
Then it sounds like a hard technical requirement and what UX thinks is not the concern here, no?
Reporter | ||
Comment 9•11 years ago
|
||
(In reply to Stephany Wilkes from comment #8) > Then it sounds like a hard technical requirement and what UX thinks is not > the concern here, no? What UX thinks does matter, but it's more of understanding how to design a user flow knowing the technical requirement in the product.
Reporter | ||
Comment 10•11 years ago
|
||
If no one is pushing for this to be a blocker now, then let's hold off on the UX discussion. If this becomes raised as important again, let's reopen the discussion.
Flags: needinfo?(firefoxos-ux-bugzilla)
Comment 11•11 years ago
|
||
Dear Jason, It's not blocker for v1.1 any more, but we hope it can be fixed in v1.2, for some carrier network is without NITZ.
blocking-b2g: --- → koi?
Comment 13•11 years ago
|
||
Rob is out until next week. The soonest we could even start is mid next week. This is not a trivial change, as discussed in triage. Since we are already well into 1.3 designs for sprint deadlines, and this will require some significant time for UX given the edge cases around taking the phone on/offline, time zone switching, etc., I am flagging Adam Rogers so he can adjust 1.3 plans based on the UX time we'll need to address this 1.2 issue. Adam, we'll also need to identify the engineer who is going to implement this, so we can have short cycles around the UX. Adam, not sure if you're even aware that this is a hard requirement, or if you may want to look into this first.
Flags: needinfo?(swilkes) → needinfo?(arogers)
Comment 14•11 years ago
|
||
Also, Adam, Rob's early input is included in my comment #6 (I just typed our IRC chat).
Comment 15•11 years ago
|
||
triage: not blocking 1.2. move to 1.4? for future consideration
blocking-b2g: koi? → 1.4?
Comment 16•11 years ago
|
||
If the user has chosen to not use the network time as a definitive source or if the network time is not a definitive source (it's incorrect or not broadcasting). How does the system know that the user has set their time to be something in the past? I have no issues with warning the user that changing the date significantly may cause problems, but I am not in favour of blocking their ability to do so - if someone wants to believe it's 1974 that's OK with me. +pdol, as this required systems input.
Flags: needinfo?(arogers) → needinfo?(pdolanjski)
Comment 17•11 years ago
|
||
Do we have a good idea of the threshold, in terms of time before or after current, which core functions stop working due to the time bound SSL certs? For example, it does seem silly to warn someone about an issue (that they won't hit) if they set their time a few minutes into the past.
Flags: needinfo?
Comment 18•10 years ago
|
||
NI on Jason. Jason, if you know who might be able to answer my question, feel free to NI them.
Flags: needinfo?(pdolanjski)
Flags: needinfo?(jsmith)
Flags: needinfo?
Reporter | ||
Comment 19•10 years ago
|
||
(In reply to Peter Dolanjski [:pdol] from comment #18) > NI on Jason. Jason, if you know who might be able to answer my question, > feel free to NI them. The typical use case for length of time for a SSL cert to be granted is 1 - 5 years. So on that regard, a warning would probably only be useful to issue if the user starts changing the year parameter of the date of the phone.
Flags: needinfo?(jsmith)
Comment 20•10 years ago
|
||
Added to backlog, but considering it's non-partner blocking moving it off 1.4 for now.
Blocks: 908549
blocking-b2g: 1.4? → ---
Updated•10 years ago
|
blocking-b2g: --- → backlog
Assignee | ||
Updated•9 years ago
|
blocking-b2g: backlog → ---
tracking-b2g:
--- → backlog
Comment 21•6 years ago
|
||
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•