Bug#843645: Username unconditionally checked
Andrey Gursky
andrey.gursky at e-mail.ua
Tue Nov 8 18:28:19 UTC 2016
Hi Alexandre,
On Tue, 8 Nov 2016 13:07:42 -0500
Alexandre Viau <aviau at debian.org> wrote:
> I don't think that this is a bug, unless you point me somewhere in the
> Debian Policy that states that this is indeed a bug.
>
> We want to make Ring as easy to use as possible for non-technical users,
> and choosing good defaults is important. This is why we check the box by
> default. We also think that looking up usernames as you type is much
> more user friendly.
>
> Please prove me wrong If I am and I will be happy to get this fixed.
>
> There is an ongoing effort to make privacy breaches a part of the Debian
> Policy here:
> - https://bugs.debian.org/726998
>
> However, this specific bug only talks about documentation.
>
> If this is indeed a bug, I would fix it by adding a configure flag to
> the gnome client that would allow changing the default state of the
> checkbox.
>
> I will wait a little bit for your answer, then I will mark this bug as
> wontfix and close it.
Easy and non-technical but secure? Hmm, it's something really hard to
achieve, if even possible. There is always a trade-off, but if the Ring
projects emphasizes the convenience, then the security part might
suffer...
As the user types? Exactly! But not picking the user's system name and
without to ask send it away. So if you insist on leaving checking by
typing, I'm fully OK with it. But never pick something (possibly
private!) and send it away. So a reasonable compromise would be to not
set a name by default, but leave the field empty. By starting typing
the user is aware, that this will be sent away.
But until secured http get's setup, please add a warning, that the name
will be sent UNencrypyed.
Regards,
Andrey
More information about the Pkg-voip-maintainers
mailing list