[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #4176 [EFF-HTTPS Everywhere]: Check that there are no holes left by the removal of nsIContentPolicy

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #4176 [EFF-HTTPS Everywhere]: Check that there are no holes left by the removal of nsIContentPolicy
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Fri, 07 Oct 2011 05:45:58 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 07 Oct 2011 01:46:09 -0400
In-reply-to: <043.c6d7aac4691ce018f3478fb441a4fb34@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <043.c6d7aac4691ce018f3478fb441a4fb34@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#4176: Check that there are no holes left by the removal of nsIContentPolicy
----------------------------------+-----------------------------------------
 Reporter:  pde                   |          Owner:  pde
     Type:  task                  |         Status:  new
 Priority:  normal                |      Milestone:     
Component:  EFF-HTTPS Everywhere  |        Version:     
 Keywords:                        |         Parent:     
   Points:                        |   Actualpoints:     
----------------------------------+-----------------------------------------

Comment(by vic):

 Not sure where you want this discussion to go (copied from #3882 )

 Replying to [comment:10 pde]:
 > Replying to [comment:7 vic]:
 > > Why do you need to disable the nsIContentPolicy::shouldLoad / forceURI
 path?
 > >
 >
 > Because the Firefox patch isn't in Firefox 4-7, and we'd prefer not to
 crash those browsers?

 The removal was in the main branch of HTTPS Everywhere.

 Right now Firefox 4-6 has no security updates.

 My suggestion is to keep the  nsIContentPolicy::shouldLoad / forceURI path
 in HTTPS Everywhere v2.0.xDev and release version 2 on the same day that
 Firefox 8 ships.

 >
 > >
 > > Please restore the nsIContentPolicy::shouldLoad / forceURI path in
 stable version.
 >
 > Despite Giorgio's concerns, we haven't yet found any cases in which
 disabling nsIContentyPolicy caused an insecure HTTP load.  If we find any,
 we'll try to turn it back on just for those cases.

 Really would appreciate if you left it on for Everything, just in case.

 I mean come to think of it, the patch released @
 https://bugzilla.mozilla.org/show_bug.cgi?id=677643 for Firefox 8+ is now
 useless? The patch was because we were using the
 nsIContentPolicy::shouldLoad / forceURI path right?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/4176#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #4176 [EFF-HTTPS Everywhere]: Check that there are no holes left by the removal of nsIContentPolicy
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #3882 [EFF-HTTPS Everywhere]: HTTPS Everywhere 1.0 causing crashes on multiple sites
Next by Author: Re: [tor-bugs] #4045 [Vidalia]: Test Vidalia-0.3.1-rc (alpha release)
Previous by thread: Re: [tor-bugs] #4176 [EFF-HTTPS Everywhere]: Check that there are no holes left by the removal of nsIContentPolicy
Next by thread: Re: [tor-bugs] #4176 [EFF-HTTPS Everywhere]: Check that there are no holes left by the removal of nsIContentPolicy
Index(es):
- Author
- Thread