Last modified: 2009-06-23 07:40:07 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T20973, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 18973 - Decryption vs. passcode problem
Decryption vs. passcode problem
Status: RESOLVED INVALID
Product: MediaWiki extensions
Classification: Unclassified
SecurePoll (Other open bugs)
unspecified
All All
: Normal enhancement (vote)
: ---
Assigned To: Tim Starling
:
Depends on:
Blocks: 18991
  Show dependency treegraph
 
Reported: 2009-05-28 02:03 UTC by Robert Rohde
Modified: 2009-06-23 07:40 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Robert Rohde 2009-05-28 02:03:13 UTC 
The private key used in the licensing update vote required a password to decrypt the votes.  Currently SecurePoll assumes that the private key has a blank password.

Either there needs to be a way to enter a password into the Tallier (my preference), or there needs to be very firm and clear warning that the keys used in SecurePoll should have a blank password.  For example a comment with big CAPITAL LETTERS in the setup files.
Comment 1 Tim Starling 2009-06-23 04:09:33 UTC 
What setup files? The vote setup interface hasn't been written yet. I'll take this as a feature request for when it is written.
Comment 2 Robert Rohde 2009-06-23 06:15:12 UTC 
(In reply to comment #1)
> What setup files? The vote setup interface hasn't been written yet. I'll take
> this as a feature request for when it is written.
> 

I was actually referring to the sample files passed to SPI.  There was a warning that the signature needed to have no passphrase, but no warning about the decryption key.  I suppose in the future the setup might be more robust than "here is some SQL code to load", but the underlying issue is still there.  If the person uses a PGP key that requires a passphrase to decyrpt the software as currently written has no way of dealing with that.
Comment 3 Tim Starling 2009-06-23 07:40:07 UTC 
You can't file a bug report against an email I sent. You could perhaps click the reply button in your email client.

There are no setup files in SecurePoll. There is no setup interface where one might ask for a passphrase, but I'll keep passphrases in mind when I write one.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links