Hi,
winterfairy@??? wrote (25 May 2013 12:20:08 GMT) :
> This patch removed the following Iceweasel prefs from Tails:
> - security.warn_leaving_secure
OK, I'm now convinced this one is overkill :)
> - security.warn_submit_insecure
I'm much less convinced about that one. Warning users who mistakenly
try to submit passwords in cleartext seems useful to me, compared to
the potential for user confusion. Or perhaps we want to delegate this
to HTTPS Everywhere entirely. What do others think?
> These preferences were never applied until the move to
> user.js for Tails 0.18.
I doubt "never" is entirely correct here. I'm pretty sure these
settings were effective in older versions of Tails, e.g. before we
moved bits of the profile to /etc. My point is that at some point
(IIRC), it was the way it worked, and apparently nobody complained.
Granted, Tails had way less users at this point.
Our anonymous web forum makes it hard to evaluate how much user
confusion is actually caused by a change. I've not look very deep, and
I would happily stand corrected, but I'm unsure more than one or two
users complained. Given the current size of Tails userbase, I think we
should be careful when generalizing the reports we get: these days,
almost every change we make triggers some OMG reaction from somewhere,
as does almost every change we don't make ;)
Regardless of the outcome of this discussion, thanks for caring about
this, and many thanks for the commits!
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
