Re: [Tails-dev] [Please review] Fix for: FireGPG susceptible…

Delete this message

Reply to this message
Author: anonym
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] [Please review] Fix for: FireGPG susceptible todevastating JavaScript attacks
10/28/2011 11:59 PM, intrigeri:
> Hi,
>
> anonym wrote (28 Oct 2011 14:47:08 GMT) :
>> 6c9ea7f Remove irrelewant "Check for PGP blocks in pages" option.
>> 0d1a8aa Fore disable inline PGP block detection.


Woah! Nice typos I made there!

> It seems to me the status bar icon that allows to toggle inline
> OpenPGP blocks detection is still present. It should not, right?


Right.

> Also, we must document very well, for end-users, how to deal with the
> removal of the encrypt/decrypt/etc. actions on selection.
> Maybe leaving these menu entries in place, and replacing their action
> with a help popup, would be a nice way to help them migrate to
> (slightly) saner habits? Bonus: the same mechanism can be re-used when
> we eventually replace FireGPG functionality with a non-web UI.


What about this: I change it so that so all menu entries open the
FireGPG Text Editor. On the top of the Text Editor I add a short
disclaimer stating that using the FireGPG crypto actions are unsafe,
that everything should be done in the Text Editor, and that FireGPG will
be replaced with some external tool in Tails in the future (so yeah,
it's Tails specific).