Package: seahorse Version: 3.14.0-2 Severity: important Dear Maintainer,
when unlocking a keyring (other than the login keyring) in Seahorse the password entry dialog has a checkbox labeled 'Automatically unlock this keyring whenever I'm logged in'. If you enter the password and hit enter with this box checked the password for the keyring will be stored in the login keyring, and the other keyring will in the future be unlocked without the user having to enter a password. The box is checked by default every time the password entry dialog appears. Since forgetting to uncheck it just once will cause the password to be stored in the login keyring, making the extra security of keeping a separate keyring severely reduced, I don't think it should be checked by default. It should either be unchecked every time the password entry dialog appears (since it will never appear again once you have stored the keyring password in the login keyring, that seems reasonable), or it should at the very least remember that the user unchecked it last time and don't automatically check it again. Making this even worse, the stored keyring password won't appear in the Seahorse GUI for the login keyring until you have restarted Seahorse, but it will definitely be stored in the keyring. I set the severity to 'Important' because I think this bug can fool a user to inadvertently reduce the security of their stored secrets. -- System Information: Debian Release: 8.6 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 4.7.0-0.bpo.1-686-pae (SMP w/2 CPU cores) Locale: LANG=en_GB.utf8, LC_CTYPE=en_GB.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages seahorse depends on: ii dconf-gsettings-backend [gsettings-backend] 0.22.0-1 ii gcr 3.14.0-2 ii gnome-keyring 3.14.0-1+b1 ii gnupg 1.4.18-7+deb8u3 ii libassuan0 2.1.2-2 ii libatk1.0-0 2.14.0-1 ii libavahi-client3 0.6.31-5 ii libavahi-common3 0.6.31-5 ii libavahi-glib1 0.6.31-5 ii libc6 2.19-18+deb8u6 ii libcairo-gobject2 1.14.0-2.1+deb8u1 ii libcairo2 1.14.0-2.1+deb8u1 ii libgck-1-0 3.14.0-2 ii libgcr-base-3-1 3.14.0-2 ii libgcr-ui-3-1 3.14.0-2 ii libgdk-pixbuf2.0-0 2.31.1-2+deb8u5 ii libglib2.0-0 2.42.1-1+b1 ii libgpg-error0 1.17-3 ii libgpgme11 1.5.1-6 ii libgtk-3-0 3.14.5-1+deb8u1 ii libldap-2.4-2 2.4.40+dfsg-1+deb8u2 ii libp11-kit0 0.20.7-1 ii libpango-1.0-0 1.36.8-3 ii libpangocairo-1.0-0 1.36.8-3 ii libsecret-1-0 0.18-1+b1 ii libsoup2.4-1 2.48.0-1 Versions of packages seahorse recommends: ii openssh-client 1:6.7p1-5+deb8u3 seahorse suggests no packages. -- no debconf information