Bug#790498: iceweasel: upgrading from jessie makes all passwords in the password manager invalid

[Mike Hommey]

On Mon, Jul 13, 2015 at 12:59:18PM +0300, Török Edwin wrote:
> On 07/13/2015 01:46 AM, Mike Hommey wrote:
> > On Mon, Jun 29, 2015 at 11:28:02PM +0300, Török Edwin wrote:
> >> Package: iceweasel Version: 38.0.1-5 Severity: grave Justification:
> >> causes non-serious data loss
> >>
> > 
> > Your comment in upstream bug says that forcing a new upgrade of the
> > signons store worked, so it's really not clear what went wrong the
> > first time.
> 
> One possibility is that I upgraded from the Jessie version of firefox
> to the unstable one in the past to test something, which upgraded the
> password store to the new format at that time.  Then when I was done
> testing that site I downgraded back to the stable version in Jessie,
> and added/changed more passwords as usual, but that updated the
> passwords in the old store.
> 
> Now when I tried to upgrade again to the version in unstable it used
> the out-of-date signons store that it converted some time ago, and any
> changes made by the old firefox version haven't been taken into
> account.  That might explain why Firefox from unstable has seen less
> passwords than the Jessie version, and why none of them worked anymore
> (I changed them all using the old version of firefox).
> 
> If you think it'd be useful I can try to reproduce this with a fresh
> firefox profile and upgrading/downgrading while changing passwords.
> Not sure what could be done to fix this, one way would to provide a
> button to import the passwords from the old store (even if it has been
> imported in the past already), and if their last changed time is newer
> than the password in the new store use that, or just have both
> available and allow the user to choose and delete the outdated one.

At least, that sounds like a plausible explanation. I'm not sure it's
worth "optimizing" for it, though.

Mike