BMO Component for Master Password bugs

Justin Dolske dolske at
Mon Jul 18 21:07:11 UTC 2016

On 7/14/16 3:50 PM, Matthew N. wrote:

> Does anyone want to nominate an existing component as the place to move
> master password bugs that aren't consumer-specific? If not, I propose
> creating a new component e.g. "Core::Security: Master Password" to move the
> bugs to.

I think the technically correct answer ("the best kind of correct") is 
that most MP bugs belong in NSS::Libraries and Core::Security: PSM, 
since that's where the actual implementation is. (For those who don't 
know: the "master password" is nothing more than a PKCS#11 token PIN.)

But that's pretty non-obvious to anyone not working in the code, and I 
don't think having the bugs live there makes them any more likely to be 

I suggest just keeping Toolkit::PasswordManager as the default place 
until such time as we can switch a master password implementation that's 
not based on a crufty old token PIN. That's where they're most likely to 
get filed/triaged to in the first place, anyway.

This is a small number of not-really-new bugs, so I'm not really sure it 
merits its own component, either.


More information about the Passwords-dev mailing list