[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #14851 [Tor Browser]: NoScript update caused permissions pref update

Subject: Re: [tor-bugs] #14851 [Tor Browser]: NoScript update caused permissions pref update
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 17 Feb 2015 18:20:48 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 17 Feb 2015 13:20:58 -0500
In-reply-to: <049.0933de891724fb3a74f4d79a3f3498ff@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <049.0933de891724fb3a74f4d79a3f3498ff@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#14851: NoScript update caused permissions pref update
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  mikeperry              |     Status:  new
         Type:  defect   |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  TorBrowserTeam201502, tbb-disk-leak
  Browser                |  Parent ID:
   Resolution:           |
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by gk):

 Replying to [ticket:14851 mikeperry]:
 > There are two issues here: First, what is the best way to switch this
 pref back to true for our users? Can we simply update our extension-
 overrides.js file for this pref for update?

 Yes, it seems to work.

 > Second, what caused this discrepancy to happen? How do we prevent it in
 the future? Now that we have an updater, should we disable updates for
 NoScript and HTTPS-Everywhere in 4.5?

 There is no discrepancy. You updated 4.0.2 to a NoScript version >
 2.6.9.10 which has the pref in question set to `false`. 4.0.3 is shipped
 with NoScript 2.6.9.10 which has it still set to `true`. If you update the
 NoScript in 4.0.3 you get the same problem.

 I think the only way to reliably prevent that issue generally is indeed to
 ship NoScript (and HTTPS-E) updates only via our updater. The NoScript
 release speed makes this probably not feasible for us at the moment but I
 think we should and could start with HTTPS-E (#10394) and see how it goes
 just taking important security related updates justifying an out-of-order
 release. We could start monitoring the NoScript releases with the same
 criteria in mind to get a handle on how many additional releases we would
 need to do approximately. I might even volunteer for that task as having
 these extensions just updating itself makes me quite nervous.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14851#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #14851 [Tor Browser]: NoScript update caused permissions pref update
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #14902 [Tor Browser]: Linux TBB 4.0.3 Firefox missing CA certificates
Next by Author: Re: [tor-bugs] #14851 [Tor Browser]: NoScript update caused permissions pref update
Previous by thread: Re: [tor-bugs] #14851 [Tor Browser]: NoScript update caused permissions pref update
Next by thread: Re: [tor-bugs] #14851 [Tor Browser]: NoScript update caused permissions pref update
Index(es):
- Author
- Thread