[Freepto] Fwd: [Pkg-anonymity-tools] Bug#775921: unblock: to…

Delete this message

Reply to this message
Autor: intrigeri
Data:  
Dla: freepto
Temat: [Freepto] Fwd: [Pkg-anonymity-tools] Bug#775921: unblock: torbrowser-launcher/0.1.8-1 (pre-approval)
I guess you'll be interested in that discussion..

Hi all,

On 15-01-27 20:43:27, Holger Levsen wrote:
> On Dienstag, 27. Januar 2015, Niels Thykier wrote:
> > Ack, please go ahead and remove the moreinfo tag once it has been
> > uploaded to unstable.
>
> thanks! but sadly 0.1.8-1 is not suitable and probably I dont want 0.1.9-1
> neither, the changes due to github tickets #155 and 157 might be too
> invasive/unsafe...
>
> So maybe the diff will be even smaller than 0.1.8-1 in which case i'll just
> upload to sid as 0.1.7+debian-1. If we decide to go with 0.1.9-1 instead, I'll
> come back to you first though.
>
> de13483 (from 0.1.8) and 3f1146e (from 0.1.9, fixing de13483) are the
> problematic upstream commits I'm talking about...


I've spoke with Holger about how to proceed with this, which version to
build and upload for Debian and which commits to include. He asked if I
could write a summary which I'll now try to. Caution: up until now I'm
not involved with the upstream or packaging process of
torbrowser-launcher, so please don't take my words for granted:

- The current version included in Debian wheezy/jessie at the moment is
0.1.7-1, which is broken because of [01] and [03].

- Holger fixed this via building and uploading 0.1.9-1 to experimental
[02]. However, this version is still affected by [03]: "The Tor
Project changed how alphas and betas are versioned and now
torbrowser-launcher always suggests downloading available alphas/betas.
Please apply this patch from upstream to fix this issue in sid and ask
the release team to include it in Debian jessie.", making it not
suitable for wheezy/jessie. Problem was fixed upstream via [04], but is
now back, see [05] and upstream [06].

- Regarding the two commits Holger wrote about:

  - de13483 (upstream ticket [07] and commit [08]): "Without this commit,
    if you run torbrowser-launcher and then torbrowser-launcher
    "https://github.com", you'll get popup says TBB already open. This
    commit fix it, so torbrowser-launcher "https://github.com" opens
    GitHub in a new tab of already launched TBB. The problem with
    -allow-remote in #157 is that if you have Firefox (not Iceweasel)
    installed, for some reason it opens tab in Firefox instead of TBB.
    It's a bug in upsteam. they should add some build flags."
    (These last two sentences are quite important, because it could put
    users into unwanted and probably dangerous situations.)


  - This problem was (partially) adressed via 3f1146e (upstream ticket
    [09] and commit [10]): "Since the last update (nominally 0.1.6-1 ->
    0.1.7-1, but I'm building from git), torbrowser-launcher has stopped
    working if Firefox is already running. Instead, it just opens a new
    window from the currently running FF profile."


  - README.md [11] now reads: "Tor Browser Launcher allows you to set
    Tor Browser as your default web browser. Unfortunately, there's a
    gnarly issue that prevents this from working if Firefox is open in
    the background. If Tor Browser is set as your default browser and
    Firefox is open in the background, links will get opened in Firefox.
    Likewise, if Firefox is your default browser and Tor Browser is open
    in the background, links will get opened in Tor Browser. See more
    information here.


    You can only use Tor Browser as your default browser if you don't
    use Firefox at the same time. Other browser (such as Iceweasel,
    Chromium, or Chrome) will work fine. You must check "Allow opening
    links with Tor Browser" in the settings to enable it."


- It seems quite messy, but after a closer look, one is able to find the
way through... :) Regarding the further process I would propose, to
check if vanilla v0.1.9 (with these two commits included) works as
expected, and if that's the case, include these, because it's a nice
feature. If these don't work, I would recommend to revert these, to
favor security instead of convenience. Maybe it would be wise to
inform the users while using apt-get dist-upgrade about the issue in
combination with Firefox.

- However, [03] has to be solved anyway, before this is usable again.

Cheers,
Georg


[01] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775871
[02] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775871#34
[03] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775891
[04] https://github.com/micahflee/torbrowser-launcher/commit/143cbf4ee13fa4b227688b1e55f69fd65b2decfc.patch
[05] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775891#15
[06] https://github.com/micahflee/torbrowser-launcher/issues/169
[07] https://github.com/micahflee/torbrowser-launcher/pull/155
[08] https://github.com/micahflee/torbrowser-launcher/commit/de134835a05b74e750da291e90fa86cfc43feae6
[09] https://github.com/micahflee/torbrowser-launcher/issues/157
[10] https://github.com/micahflee/torbrowser-launcher/commit/3f1146e1a084c4e8021da968104cbc2877ae01e6
[11] https://github.com/micahflee/torbrowser-launcher#using-tor-browser-as-your-default-browser-and-firefox
_______________________________________________
Pkg-anonymity-tools mailing list
Pkg-anonymity-tools@???
https://lists.alioth.debian.org/mailman/listinfo/pkg-anonymity-tools

--
intrigeri