I really don't think you are reading my arguments, only regergitating you
preconceived opinions. Who made it your job to "protect the general public"?
Are you somehow smarter than them? Do you really think people will not
understand a well formulated warning message?
There is no such thing as an alsolutely secure system. This enhancement would
have significant benefits to most users.
Braden McDaniel wrote:
> In article <[EMAIL PROTECTED]>, "Peter Lairo" <[EMAIL PROTECTED]>
> wrote:
>
> > Braden McDaniel wrote:
> >
> >> In article <[EMAIL PROTECTED]>, "Peter Lairo" <[EMAIL PROTECTED]>
> >> wrote:
> >>
> >> > "User Profiles should be able to be protected with passwords."
> >> >
> >> > If you agree with the above statement, please vote for this BUG to be
> >> > fixed here:
> >> >
> >> > http://bugzilla.mozilla.org/show_bug.cgi?id=16489
> >> >
> >> > The person managing this bug (Conrad) has been blocking efforts to
> >> > implement this feature.
> >>
> >> I don't see any evidence of that. No patches are attached to the bug
> >> report. *Who* is attempting to implement this?
> >>
> >> You want a placebo and Conrad thinks it's a bad idea. I agree with him.
> >> If someone does create a patch that does as you describe, I hope
> >> mozilla.org has the sense to reject it, regardless of how many naive
> >> votes you manage to drum up.
> >
> > A placebo that prevents 99% of unintentional or novice snooping is not a
> > placebo at all - it is a useful feature.
>
> It is a placebo because it provides no real security since it is known to
> have a substantial and obvious hole. I don't care what you stick in the
> warning dialog, what you're proposing is something that masquerades as a
> security layer. A security system that is known to fail in some cases
> has what is called a "security hole". I object to adding deliberately-
> holey security to Mozilla. I think users lose.
>
> > I would like to know what benefit you have by obstructing this
> > "optional" feature.
>
> None. I'm trying to protect the general public from a Bad Idea.
>
> It sounds like all you really want to accomplish is to make profile
> selection more difficult in order to make it less likely that someone
> will select the wrong profile. I'm sure there are ways to do that without
> masquerading as a security layer. For instance, you could require that
> users type out the profile name they want to select.
>
> Braden
--
Regards,
Peter Lairo
