[Bug 1960306] [NEW] Backport feature to show hidden passwords

Łukasz Zemczak 1960306 at bugs.launchpad.net
Tue Feb 8 11:05:25 UTC 2022 

Public bug reported:

[Impact]

Currently, while the root cause of the notorious bug LP: #1875062 is
still not entirely known, certain affected users can type in an
unexpected password during installation with no means to check what was
actually typed in. As a semi-workaround, in jammy we have added a
'feature' to be able to temporarily show the typed in passwords for both
the GTK and KDE frontends. This way users can at least double-check if
the password they typed in is what was expected.

I think it's important to get this semi-workaround for 20.04.4, even
though it's more of a feature than a bugfix. This way at least users
have *some* means of protecting themselves. Even without this, this is a
feature that is worth having.

Note to SRU members: this is essentially an UI-changing request, so it
might require an ACK from the documentation teams (might need updating
some installer screenshots?). So I'd understand if there is a pushback
on this. However, I still think this is a feature really nice to have
for .4

[Test Case]

Repeat for both Ubuntu and Kubuntu desktop:
* Download latest -proposed daily image
* Proceed with installation normally
* In partition layout, select LVM with encryption, make sure it's possible to unhide and hide the encryption password
* Further down the road, on the user configuration screen, make sure it's possible to unhide and hide the user password

[Regression Potential]

No core logic is touched, so most probable regressions are around the UI
aspect of the installer. It's possible that due to an error the GTK or
KDE UIs for password input will be corrupted, or logic with button press
somehow messed up.

It's good to double check if password verification still works as before
the change - though please note that I saw that the KDE frontend seems
to be missing some icons for 'correct/incorrect password' in the LVM
encrypted partition password selection even before the change.

** Affects: ubiquity (Ubuntu)
     Importance: Medium
     Assignee: Łukasz Zemczak (sil2100)
         Status: Invalid

** Affects: ubiquity (Ubuntu Focal)
     Importance: Medium
     Assignee: Łukasz Zemczak (sil2100)
         Status: In Progress

** Also affects: ubiquity (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: ubiquity (Ubuntu Focal)
       Status: New => In Progress

** Changed in: ubiquity (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: ubiquity (Ubuntu)
       Status: In Progress => Invalid

** Changed in: ubiquity (Ubuntu Focal)
     Assignee: (unassigned) => Łukasz Zemczak (sil2100)

** Changed in: ubiquity (Ubuntu Focal)
    Milestone: None => ubuntu-20.04.4

** Merge proposal linked:
   https://code.launchpad.net/~ubuntu-installer/ubiquity/+git/ubiquity/+merge/415243

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1960306

Title:
  Backport feature to show hidden passwords

Status in ubiquity package in Ubuntu:
  Invalid
Status in ubiquity source package in Focal:
  In Progress

Bug description:
  [Impact]

  Currently, while the root cause of the notorious bug LP: #1875062 is
  still not entirely known, certain affected users can type in an
  unexpected password during installation with no means to check what
  was actually typed in. As a semi-workaround, in jammy we have added a
  'feature' to be able to temporarily show the typed in passwords for
  both the GTK and KDE frontends. This way users can at least double-
  check if the password they typed in is what was expected.

  I think it's important to get this semi-workaround for 20.04.4, even
  though it's more of a feature than a bugfix. This way at least users
  have *some* means of protecting themselves. Even without this, this is
  a feature that is worth having.

  Note to SRU members: this is essentially an UI-changing request, so it
  might require an ACK from the documentation teams (might need updating
  some installer screenshots?). So I'd understand if there is a pushback
  on this. However, I still think this is a feature really nice to have
  for .4

  [Test Case]

  Repeat for both Ubuntu and Kubuntu desktop:
  * Download latest -proposed daily image
  * Proceed with installation normally
  * In partition layout, select LVM with encryption, make sure it's possible to unhide and hide the encryption password
  * Further down the road, on the user configuration screen, make sure it's possible to unhide and hide the user password

  [Regression Potential]

  No core logic is touched, so most probable regressions are around the
  UI aspect of the installer. It's possible that due to an error the GTK
  or KDE UIs for password input will be corrupted, or logic with button
  press somehow messed up.

  It's good to double check if password verification still works as
  before the change - though please note that I saw that the KDE
  frontend seems to be missing some icons for 'correct/incorrect
  password' in the LVM encrypted partition password selection even
  before the change.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubiquity/+bug/1960306/+subscriptions

More information about the foundations-bugs mailing list