[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #10394 [Applications/Tor Browser]: Torbrowser's updater updates HTTPS-everywhere
#10394: Torbrowser's updater updates HTTPS-everywhere
-------------------------------------------------+-------------------------
Reporter: StrangeCharm | Owner: tbb-
| team
Type: task | Status:
| needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security, https-everywhere, | Actual Points:
TorBrowserTeam202006R |
Parent ID: | Points:
Reviewer: gk | Sponsor:
-------------------------------------------------+-------------------------
Comment (by rustybird):
Replying to [comment:44 gk]:
> Maybe we could include this patch as part of our "don't block our
unsigned extensions" patch where HTTPS-Everywhere is the only extension
left anyway. Would be easy to make this to an "treat https-e special"
patch.
If the [https://lists.torproject.org/pipermail/tbb-
dev/2017-April/000530.html plan] still is to eventually disable NoScript
updates too, then it might be simpler to keep the patch separate and later
add a fixup checking for the NoScript ID as well. Just a thought.
> rustybird: have you checked whether the ruleset updates are unaffected
by your patch
Yes, they still work: There are connections to `www.https-
rulesets.org:443` and `securedrop.org:443`. And when I start with an old
HTTPS Everywhere version that includes an outdated ruleset, the `rulesets-
timestamp` fields in `browser-extension-data/https-everywhere-
eff@xxxxxxx/storage.js` show that those updates are applied.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10394#comment:45>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs