[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TBB 2.2.32 & Automatic Updates

On 05/09/11 21:09, Erinn Clark wrote:
> * cgp3cg <cgp3cg@xxxxxxxxx> [2011:09:05 16:19 +1000]: 
>> Hi,
>> Just downloaded TBB 2.2.32 for Linux
>> (tor-browser-gnu-linux-i686-2.2.32-3-dev-en-US.tar.gz) and was surprised
>> to find FF set to automatically check for and download updates. This
>> seems like a significant change, and I can't find a record in my
>> archives, nor in a quick scan through the changelog.
>> Was this deliberate and did I miss something?
> No, this is not deliberate and must be a bug. The prefs.js we ship has:
> user_pref("app.update.auto", false);
> user_pref("app.update.enabled", false);
> https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/build-scripts/config/no-polipo-4.0.js
> We enabled addon updates because we believe it is safer, but that is a
> different setting. I see in my own TBB that app.update.auto has been set to
> true, but I certainly didn't make it that way either as a user or developer.
> Thanks for noticing, I'm going to add fixing this to our next update (September
> 10th).

Thanks Erinn,

I've also discovered that with this version FF defaults to saving
passwords, and that there a 4 CA certificates present for DigiNotar and
2 for DigiNotar B.V.

The first isn't a huge issue, but according to the changelog for 2.2.32-2:

* Update Firefox to 6.0.1, with an additional patch to exclude
  DigiNotar completely

I've also had a quick poke at a few older versions (the only ones I have
- 2.2.25 (FF 4.0.1)
- 1.1.3 (FF 3.6.13)

and both only show 1 CA cert for DigiNotar. Stock standard FF 6.0 also
only had one, and it's now gone completely from 6.0.1 ... so why the
presence of four in TBB?

tor-talk mailing list