← Back to team overview

desktop-packages team mailing list archive

[Bug 1478648] [NEW] missing options in seahorse-tool

 

*** This bug is a security vulnerability ***

Public security bug reported:

Release: Ubuntu 14.04.2 LTS
Package version: 3.8.0-0ubuntu2

When you click on an encrypted file to open it, the dialog window asking
for the passphrase to unlock the secret key does not offer the options
to forget the password, like in previous versions.

On Precise, for instance, you were given the options to forget it after
X minutes, or to forget it if idle for X minutes.

On Trusty, the only selectable option is "automatically unlock this keyring whenever i'm logged in", which is crazy.
The result is that if you unlock the secret key, it stays unlocked until you log out, which is a bit less crazy but not good.

A workaround to avoid this sillyness is to click on the cancel button and then enter the passphrase on the second dialog window that opens right after. This way the secret key works only once for the encrypted file you opened.
I think this is just silly, dangerous and a regression from previous versions.

** Affects: seahorse (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to seahorse in Ubuntu.
https://bugs.launchpad.net/bugs/1478648

Title:
  missing options in seahorse-tool

Status in seahorse package in Ubuntu:
  New

Bug description:
  Release: Ubuntu 14.04.2 LTS
  Package version: 3.8.0-0ubuntu2

  When you click on an encrypted file to open it, the dialog window
  asking for the passphrase to unlock the secret key does not offer the
  options to forget the password, like in previous versions.

  On Precise, for instance, you were given the options to forget it
  after X minutes, or to forget it if idle for X minutes.

  On Trusty, the only selectable option is "automatically unlock this keyring whenever i'm logged in", which is crazy.
  The result is that if you unlock the secret key, it stays unlocked until you log out, which is a bit less crazy but not good.

  A workaround to avoid this sillyness is to click on the cancel button and then enter the passphrase on the second dialog window that opens right after. This way the secret key works only once for the encrypted file you opened.
  I think this is just silly, dangerous and a regression from previous versions.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/seahorse/+bug/1478648/+subscriptions


Follow ups