Hi,
Alan wrote (26 Apr 2013 16:39:31 GMT) :
> I read the commit log and its diff. Everything seems me fine, but one
> thing: the TOR_SOCKS_PORT set in /etc/environment by commit 6a2de87. It
> seems me dangerous to set the socks port meant for the web browser only
> (for stream isolation) as a global environment variable with such a
> general name.
Nice catch. I agree: if some random piece of software took these
envvars into account, then it would partially defeat our stream
isolation design.
> In addition to that, next commit (6629701) reads:
> [...]
> So I wonder if the previous commit setting environment is actually
> useful.
Nice catch too. But yes, the envvars are needed: I've built an ISO
from experimental with 6a2de870 reverted => iceweasel starts in "Tor
disabled" mode, so I'm afraid we have to set the envvars.
> It it is, I would prefer to set these environment variables set
> for iceweasel only, e.g. in the wrapper that we would probably create
> anyway to solve https://tails.boum.org/todo/dont_autostart_iceweasel/.
Agreed. I'm creating
todo/dont_set_torbutton_environment_variables_globally so that this is
not forgotten.
IMHO this is not a blocker, especially since the branch was merged
already (before you commented on it), and since the freeze is close.
I guess the next release manager, when reviewing each open ticket,
will find that one, and once todo/dont_autostart_iceweasel is
implemented, they'll gather it's now trivial to move the envvars to
the right place and just do it.
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
