#480 [nautilus] Encrypted zip exctracts weirdly with wrong passphrase | rhbz#2007697
Closed 2 years ago by blockerbot. Opened 2 years ago by blockerbot.

Bug details: https://bugzilla.redhat.com/show_bug.cgi?id=2007697
Information from BlockerBugs App:
2007697

Current vote summary

Commented but haven't voted yet: coremodule

The votes have been last counted at 2021-09-27 18:11 UTC and the last processed comment was #comment-753684

To learn how to vote, see:
https://pagure.io/fedora-qa/blocker-review
A quick example: BetaBlocker +1 (where the tracker name is one of BetaBlocker/FinalBlocker/BetaFE/FinalFE/0Day/PreviousRelease and the vote is one of +1/0/-1)


This is obviously not the behaviour we want, but extracting files with correct password seems to work, and with wrong password you cannot gain access to the files which also seems "correct". According to the release criteria the application should withstand "basic functionality" which I believe is retained.

FinalBlocker -1
FinalFE +1

FinalBlocker -1
FinalFE +1

Lukas summed this up well imo.

I agree, a freeze exception is sufficient.

FinalBlocker -1
FinalFE +1

The problem would be if the user wasn't informed or was mislead. However, according to my testing, they are informed correctly:
https://bugzilla.redhat.com/show_bug.cgi?id=2007697#c5

FinalBlocker -1

The problem would be if the user wasn't informed or was mislead. However, according to my testing, they are informed correctly:
https://bugzilla.redhat.com/show_bug.cgi?id=2007697#c5

FinalBlocker -1

Please check my last comment. I am still in the process of exploiting this a bit more with zip's very own -FF to fix broken .zip and seeing possibilities to dig up the data that was encrypted in the first place.

I am still at
FinalBlocker 0
FinalFE +1

After reading the discussion, I am unsure about the blocker. I think others should decide.

FinalBlocker 0

Even though Sumantro showed a case where the message actually misleads the user, I feel this is quite a big corner case to block on it. You have to select multiple archives and extract them all at once, one of them must be encrypted, and you must insert an invalid password, in order to hit this. So I'm staying with my "-1" opinion.

AGREED RejectedFinalBlocker
AGREED AcceptedFinalFE

Discussed during the 2021-09-27 blocker review meeting: [0]

The decision to classify this bug as a "RejectedBlocker (Final)" and an "AcceptedFreezeException (Final)" was made as we agree that this does not constitute "basic functionality" for archive management, but it would be desirable to fix it even after freeze if a safe fix is available.

[0] https://meetbot.fedoraproject.org/fedora-blocker-review/2021-09-27/f35-blocker-review.2021-09-27-16.00.txt

The following votes have been closed:

Metadata Update from @blockerbot:
- Issue status updated to: Closed (was: Open)

2 years ago

Release F35 is no longer tracked by BlockerBugs, closing this ticket.

Log in to comment on this ticket.

Metadata