Re: [Tails-dev] Tails 0.14 vs. iceweasel 10.0.9esr-1

Supprimer ce message

Répondre à ce message
Auteur: Ague Mill
Date:  
À: The Tails public development discussion list
Nouveaux-sujets: [Tails-dev] Tor Browser language pack version incompatibility problem? was: Tails 0.14 vs. iceweasel 10.0.9esr-1
Sujet: Re: [Tails-dev] Tails 0.14 vs. iceweasel 10.0.9esr-1
On Thu, Oct 18, 2012 at 01:19:41PM +0200, anonym wrote:
> > What do we do for 0.14?
>
> I suppose our (realisic) options boil down to:
>
> 1. Ship an old Iceweasel esr with good Torbutton.
> 2. Ship a new Iceweasel esr with bad Torbutton.
>
> How do we value "susceptibility to general browser exploits" vs.
> "susceptibility to Tor-specific anonymity attacks"? I think I'm more in
> favour of option 1, but I feel far from confident with this choice.
>
> How realistic is the following option?
>
> 3. Ship new Iceweasel esr + relevant TorBrowser patches that we build
>    ourselves and host on some temporary APT repo so Torbutton becomes
>    good?


I needed to explore a 4th way... and it looks like I have successfully
created a monster. Running the attached script in Tails 0.14~rc1,
removing `~/.mozilla` and launching `/usr/local/bin/firefox` starts
something that looks a lot like a working TorBrowser. "It's aliiiiive!"

Probably this can be turned in a chroot local-hook, but I won't waste
the effort if others feels that's too much of hack.

Known issue: the localized searchplugins are not currently loaded. And
there is probably a bit more testing that needs to be done.

--
Ague