Re: [tor-bugs] #10280 [Firefox Patch Issues]: Torbrowser shouldn't load flash into the process space by default

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#10280: Torbrowser shouldn't load flash into the process space by default
-------------------------------------+-------------------------------------
     Reporter:  mikeperry            |      Owner:
         Type:  enhancement          |     Status:  needs_review
     Priority:  normal               |  Milestone:
    Component:  Firefox Patch        |    Version:
  Issues                             |   Keywords:  tbb-testcase,
   Resolution:                       |  MikePerry201402R
Actual Points:                       |  Parent ID:
       Points:                       |
-------------------------------------+-------------------------------------

Comment (by mikeperry):

 Replying to [comment:25 cypherpunks]:
 > I believe many of these problems are ultimately the result of bad
 software engineering.  There is a reason you have a Requirements Document,
 and a Design Document.  Bad News when combining the two into one.  The
 Requirements document specifies WHAT, a Design Document specifies HOW.
 >
 > By putting them together you lock your implementation, and make it
 difficult to determine what is a functional defect.  For instance, if you
 had a Requirements document, this discussion would not be necessary.

 Oh yeah, here's a good idea: let's clutter this bug up some more by going
 meta and arguing about the design document and how many different pieces
 of paper we should have filed with the appropriate standards bodies in
 triplicate...

 "You have just leveled up. You are now a Level 23 Bureaucrat.
 Congratulations on your studious attention to rigid processes!" ;).

 In all seriousness though, I actually don't believe your claims to be the
 case at all. If these documents were separate (really they already nearly
 are - the requirements and implementation already are in separate
 sections), we *still* would not have had a requirement that plugins not
 have been loaded into the address space, only that plugins must be audited
 and restricted such that they can meet our privacy and security
 requirements, or that they be prevented from running by default if they
 cannot. Just as we specify now.

 So no, having two pieces of paper instead of just one would not have saved
 us from this argument. This is an argument about a highly nuanced
 implementation detail, and if that detail mattered enough for us to write
 a patch for it.

 Thankfully, bobnomnom saved us from endless argument by just writing a
 patch. Let's not drag it meta-meta now, if we can avoid that, please.

 Bob - I will review your patch as soon as possible. At a glance, it looks
 like we have to localize it still though. I might be able to do that
 myself, but it will mean it may be delayed a little more. Please be
 patient.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10280#comment:27>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs