jerrelllee / pe

editpa is not very useful to the user #8

Open jerrelllee opened 3 days ago

jerrelllee commented 3 days ago

Issue name

Editpa works by changing the fields of a PA for a particular person.

To reproduce

Nil

Expected behavior

Editpa should at least be able to change the PA's owner (I'm not sure how to refer to this, but basically who the PA is under)

Severity

Medium - Currently, the use case of editpa is restricted to accidentally writing the wrong network, wallet name or public address, which are mostly quite unlikely. Firstly, the network is likely not going to be accidentally typed as BTC instead of ETH. For public address, this is not likely to be keyed in manually as well and would be presumably copied (if not having a CLI app for these purposes is likely to be very inefficient?) so mistakes would be unlikely as well.

While there is a case for wallet name being misspelled, a much more common case would be something like the user adding a PA to the wrong person, be it just simply misreading the index from the list, or being confused about the indexing (eg after using a find command). Being able to move the entire PA between people instead of having to delete and add it back again provides much more convenience compared to being able to edit network/public address.

soc-pe-bot commented 5 hours ago

[IMPORTANT!: Please do not edit or reply to this comment using the GitHub UI. You can respond to it using CATcher during the next phase of the PE]

Team's Response

Changes

Severity: Low

Response: NotInScope

Justifications

The user story we identified in DG which editpa is designed to address is

"As a user, I want to edit existing address entries, so that I can update information or correct mistakes."

As such, the editpa was designed around updating and rectifying information (referring to the public address which could have been more explicitly mentioned).

For updating of information, a common practical scenario would be when a person changes their public address. (There can be many reasons for this, such as compromised wallet, migrating to cold wallet, etc). editpa provides value by allowing users to update the public address directly, without deleting then adding a new one.


For rectifying information, it was designed around rectifying incorrectly inputted public address for the following reasons:

  1. For enhanced security, it is recommended to run it on a standalone device, warranting the need for manual entry if security is of top priority. As such, manual typos may occur.
  2. Clipboard hijacking is a well-known issue when it comes to entering public addresses. Copy pasting is not a 100% safe method of inputting public addresses. editpa allows users to rectify these mistakes should they find evidence of clipboard hijacking.

In both cases, editpa does what it is intended to do, which is to rectify incorrectly inputted public addresses.

We believe that since editpa does effectively address the user story and potential pain points that we have come up with when designing the command and have justified their relevance above, the severity of this issue does not warrant a Medium as its existence and current functionality does not cause occasional inconveniences to users (definition of Medium severity).

The scenario of incorrectly adding the index is room for improvement, but as you have also mentioned that mistakes / accidental typos would be unlikely, we agree that a Low severity is more appropriate as a feature flaw (by definition of Low severity), especially when a 2 command workaround (as opposed to 1 editpa command) can easily be used.

We have decided on NotInScope as our response as it fulfils the criteria:

  1. The supposedly 'better' implementation will take more effort than the current implementation, reducing the effort available to spend on other more important tasks. The case of incorrectly adding a public address to the wrong person does not fall under the features and use cases of editpa mentioned in the documentation. Furthermore, it is not trivial to modify editpa to implement moving of public addresses as it requires a redesign of the fields and internal logic, and it may be better to have a separate command altogether (it does not really make sense to allow moving of items (e.g. phone number) under an edit command). The effort is not worth the benefits of covering this rare minor case, especially when a quick workaround of deleting and adding the public address is available.
  2. It was not mentioned in the documentation that this was a case that we are addressing and supporting for editpa. Our UG states that editpa "edits an existing public address address of a contact.", not moves a public address to another contact.
  3. There is no way for the user to attempt to misuse editpa to move a public address to another contact due to the restriction in fields and explicit explanations and examples in UG and error messages.

Items for the Tester to Verify

:question: Issue response

Team chose [response.NotInScope]

Reason for disagreement: [replace this with your reason]


:question: Issue severity

Team chose [severity.Low]

Originally [severity.Medium]

- [ ] I disagree

Reason for disagreement: [replace this with your reason]