On Mon, 2013-05-06 at 09:21 -0400, Przemek Klosowski wrote: > On 05/03/2013 10:59 PM, Matthew Garrett wrote: > > On Fri, May 03, 2013 at 10:36:51PM -0400, Rahul Sundaram wrote: > >> I was referring to the decision to > >> show the password in full when the user is typing it. > > > > Many UI decisions are unprecedented. That doesn't justify reopening bugs > > that the maintainer has closed. If you want to have a discussion about > > whether or not this is a reasonable UI decision, do so somewhere other > > than Bugzilla. > > > > In all seriousness, this is a substantial UI decision that requires a > commensurate change in user behavior---it shouldn't be dismissed so > easily as marking it NOTABUG. > > Another example of such important change that recently appeared without > recourse and much discussion is the lock screen: previously, the > password unlock widget had focus so one could start typing the password, > while the new behavior is that the focus is in the clock, and one needs > to hit Esc or Enter. I understand the security tradeoffs: the former > behavior is conditioning people to carelessly type passwords in the > blind, so they are more vulnerable to fake authentication dialogs, while > the new one almost uses the SAK (secure attention key) paradigm. Still, > the user behavior change is significant and I keep making mistakes even > though I understand and agree with the new scheme. This was a temporary situation in GNOME 3.6, when the new lock screen was introduced. In GNOME 3.8 (F19), you can just type your password again. > By the way, does Gnome have a SAK? I don't think Esc is a true SAK, but > maybe I am wrong about it? You can't implement a true SAK without support from X and the kernel. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
