pinentry's new window titles could be more (less?) informative

Robert J. Hansen rjh at sixdemonbag.org
Thu Sep 28 21:49:01 CEST 2017


> I don't think this pinentry feature will help identify an unwanted
> pinentry request when in fact the user is not surprised by being
> prompted for their key. They'll just think "ah, okay then" and type it
> in. I know I would seven times out of ten, and then I'm being nice to
> myself.

Right, same here.  Complete agreement.

> Basically, I don't think it's a security feature to catch malicious
> activity, like the phishing. It's just informational, which can be quite
> nice, having some information, knowing what's going on.

I mostly agree, except that the current titlebar text is so
over-detailed that it's not in any way informational.  This titlebar
text appears to be a straight-up auditing tool giving you excruciatingly
detailed information about the invoker.

If the titlebar text is intended to be UI polish (which, in its current
form, it does not appear to be) then this is a misimplementation we can
fix with adjusted text.

If the titlebar text is intended to be an audit tool (as it currently
appears to be), then this is a misfeature we should remove.

So let me stake out the first question: what's it supposed to be, polish
or auditing?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 821 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170928/16d2c3a2/attachment.sig>


More information about the Gnupg-devel mailing list