[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #12620 [Tor Browser]: Rebase TBB patches to Firefox 31 and add unit tests



#12620: Rebase TBB patches to Firefox 31 and add unit tests
-------------------------+-------------------------------------------------
     Reporter:  gk       |      Owner:  tbb-team
         Type:  task     |     Status:  new
     Priority:  major    |  Milestone:
    Component:  Tor      |    Version:
  Browser                |   Keywords:  TorBrowserTeam201408D, ff31-esr,
   Resolution:           |  tbb-rebase, tbb-firefox-patch
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by arthuredelstein):

 Replying to [comment:17 gk]:

 > 1) What is the rationale for including the patch for #2874 into ESR 31?
 Reading #2874 it seems to me the issue is resolved in ESR 31 by Mozilla
 itself and comment:16:ticket:2874 does not convince me (yet) as there are
 numerous ways to distinguish ESR 24 and ESR 31 users and we don't aim at
 making them undistinguishable. I'd like to see the patches we need as a
 kind of roadmap of things still in need of getting upstreamed and I wonder
 how the patch in question would fit into that picture (but, admittedly,
 maybe the picture is wrong to begin with)...

 A comment in the Mozilla code suggests that Components.interfaces will be
 removed at some point in the future, so in a sense this will be
 upstreamed. But I see your point that we can't hope to make ESR24 and
 ESR31 indistinguishable. So I think I'm persuaded that this patch can be
 removed. I'll add a revert commit.

 > 2) I wonder whether we should still include the patch for #5741. For
 one, Mozilla fixed that leak
 (https://bugzilla.mozilla.org/show_bug.cgi?id=751465). Then, we added a
 unit test making sure that nothing gets backed out wrt the WebSocket
 protocol which leads to another round of DNS bypassing tor
 (https://bugzilla.mozilla.org/show_bug.cgi?id=971153).

 Very nice!

 > Now, we can even observe the respective notification in Torbutton to be
 extra sure that no leaks happening (might be a good QA thing...).

 Definitely. Is there a ticket for this?

 > The only argument for including the patch in ESR 31 I currently can come
 up with is that ws:// is the only protocol currently being tested in the
 unit test. If that is a show-stopper, fair enough (I planned to add tests
 for the remaining non-internal protocols + getting them merged into ESR
 38).

 Maybe open a ticket for those additional unit tests? Happy to revert this
 patch if you think it's not needed.

 Thanks for your help! :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12620#comment:18>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs