Comment 118 for bug 41179

Revision history for this message
In , 2-brian (2-brian) wrote :

(In reply to Jesse Glick from comment #100)
> Agreed that it feels unnatural to have to define a master password when you
> are using the native keyring. But bear in mind that the whole approach of
> continuing to use proprietary password storage, and keeping only a single
> decryption key in the native keyring, is unnatural to users and has the sole
> merit (I presume) of requiring fewer code changes. Proper integration means
> storing all passwords as regular entries in the native (login) keyring,
> where they can be inspected and even edited using standard tools like
> seahorse. This is what Chrome seems to do, and what you would expect any
> polite application to do.

Let's please tone down the rhetoric regarding "proprietary" a little bit. The Gnome keyring is no less proprietary than any part of Firefox is.

I am not opposed to Firefox doing what you suggest if it isn't problematic to do so. But, please explain how a user would switch from Linux to Windows and bring their passwords with them; then please explain how a user would switch from Windows to Linux and get their passwords in the Gnome keystore. Right now a Firefox user can just copy their profile directory over to the new platform and they're done. With the "random master password" mechanism, they would have to first change from the random password to a user-entered password before copying the profile files over. With the "all passwords stored in the OS keyring directly" approach...I am not sure; help me understand what would happen.

Also, syncing of passwords across devices is a must-have requirement. So, any solution for this bug must support Firefox Sync, and must not complicate the implementation of the upcoming improvements to Firefox Sync.