Bug#394416: marked as done (please remove upstream password obfuscation "feature")

Debian Bug Tracking System Thu, 28 Oct 2010 10:33:20 -0700

Your message dated Thu, 28 Oct 2010 19:29:36 +0200
with message-id <[email protected]>
and subject line Re: Bug#394416: please remove upstream password obfuscation 
"feature"
has caused the Debian Bug report #394416,
regarding please remove upstream password obfuscation "feature"
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
394416: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=394416
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---

Package: firefox
Version: 1.5.dfsg+1.5.0.7-1
Severity: wishlist

Please remove password obfuscation from signons.txt.  It is annoying and
useless.

Rationale copied from http://gaim.sourceforge.net/plaintextpasswords.php

  "Obscure a password. This means we do something to store the password in some
  format other than plain text, but we automatically convert it for you. This is
  security by obscurity, and is a Very Bad Thing™ in that it gives users a
  false sense of security. A false sense that we (Gaim developers) believe would
  be worse to have than to let informed users deal with the password issue
  themselves. Consider that a naive user might think that it is safe to share
  his or her accounts.xml, because the passwords are "encrypted"."

Upstream BTS:  https://bugzilla.mozilla.org/show_bug.cgi?id=357473

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17-2-amd64
Locale: LANG=ca_AD.UTF-8, LC_CTYPE=ca_AD.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to ca_AD.UTF-8)

Versions of packages firefox depends on:
ii  debianutils               2.17.2         Miscellaneous utilities specific t
ii  fontconfig                2.4.1-2        generic font configuration library
ii  libatk1.0-0               1.12.3-1       The ATK accessibility toolkit
ii  libc6                     2.3.6.ds1-4    GNU C Library: Shared libraries
ii  libcairo2                 1.2.4-3.1      The Cairo 2D vector graphics libra
ii  libfontconfig1            2.4.1-2        generic font configuration library
ii  libfreetype6              2.2.1-5        FreeType 2 font engine, shared lib
ii  libglib2.0-0              2.12.4-1       The GLib library of C routines
ii  libgtk2.0-0               2.8.20-3       The GTK+ graphical user interface 
ii  libjpeg62                 6b-13          The Independent JPEG Group's JPEG 
ii  libpango1.0-0             1.14.7-1       Layout and rendering of internatio
ii  libpng12-0                1.2.8rel-5.2   PNG library - runtime
ii  libstdc++6                4.1.1-13       The GNU Standard C++ Library v3
ii  libx11-6                  2:1.0.0-9      X11 client-side library
ii  libxft2                   2.1.8.2-8      FreeType-based font drawing librar
ii  libxinerama1              1:1.0.1-4.1    X11 Xinerama extension library
ii  libxp6                    1:1.0.0.xsf1-1 X Printing Extension (Xprint) clie
ii  libxt6                    1:1.0.2-2      X11 toolkit intrinsics library
ii  psmisc                    22.3-1         Utilities that use the proc filesy
ii  zlib1g                    1:1.2.3-13     compression library - runtime

firefox recommends no packages.

-- no debconf information

--- End Message ---

--- Begin Message ---

On Sat, Oct 21, 2006 at 08:52:10AM +0200, Robert Millan wrote:
> Package: firefox
> Version: 1.5.dfsg+1.5.0.7-1
> Severity: wishlist
> 
> Please remove password obfuscation from signons.txt.  It is annoying and
> useless.
> 
> Rationale copied from http://gaim.sourceforge.net/plaintextpasswords.php
> 
>   "Obscure a password. This means we do something to store the password in 
> some
>   format other than plain text, but we automatically convert it for you. This 
> is
>   security by obscurity, and is a Very Bad Thing™ in that it gives users a
>   false sense of security. A false sense that we (Gaim developers) believe 
> would
>   be worse to have than to let informed users deal with the password issue
>   themselves. Consider that a naive user might think that it is safe to share
>   his or her accounts.xml, because the passwords are "encrypted"."
> 
> Upstream BTS:  https://bugzilla.mozilla.org/show_bug.cgi?id=357473

Considering this is never going to be fixed upstream, and that I can
only leave the bug wontfix here, which only contributes to making the
list of bugs against the debian package unmanageable, I'll just close
this bug.

Thanks

Mike

--- End Message ---

Bug#394416: marked as done (please remove upstream password obfuscation "feature")

Reply via email to