Re: [Tails-dev] [Please review] Fix for: FireGPG susceptibl…

Delete this message

Reply to this message
Autor: anonym
Data:  
Dla: The Tails public development discussion list
Temat: Re: [Tails-dev] [Please review] Fix for: FireGPG susceptibletodevastating JavaScript attacks
10/31/2011 05:28 PM, intrigeri:
> hi,
>
> anonym wrote (31 Oct 2011 16:06:39 GMT) :
>>> Also, we must document very well, for end-users, how to deal with
>>> the removal of the encrypt/decrypt/etc. actions on selection.
>>> Maybe leaving these menu entries in place, and replacing their
>>> action with a help popup, would be a nice way to help them migrate
>>> to (slightly) saner habits? Bonus: the same mechanism can be
>>> re-used when we eventually replace FireGPG functionality with
>>> a non-web UI.
>
>> What about this: I change it so that so all menu entries open the
>> FireGPG Text Editor. On the top of the Text Editor I add a short
>> disclaimer stating that using the FireGPG crypto actions are unsafe,
>> that everything should be done in the Text Editor,
>
> Great.
>
>> and that FireGPG will be replaced with some external tool in Tails
>> in the future (so yeah, it's Tails specific).
>
> That specific part is Tails-specific, and could probably be done as
> a separate commit in Git.


Done. Don't expect debian upstream to pull these changes if they'll
eventually recognize that FireGPG is dangerous. I'd never seen any XUL
before, basically, so it's very much a quick'n'dirty hack :).

Cheers!