[tor-bugs] #26401 [Applications/Tor Browser]: Rebase Orfox patches onto Tor Browser 8.0 for TBA

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Jul 18 20:13:02 UTC 2018


#26401: Rebase Orfox patches onto Tor Browser 8.0 for TBA
----------------------------------------------+----------------------------
 Reporter:  sysrqb                            |          Owner:  tbb-team
     Type:  task                              |         Status:
                                              |  needs_revision
 Priority:  Very High                         |      Milestone:
Component:  Applications/Tor Browser          |        Version:
 Severity:  Normal                            |     Resolution:
 Keywords:  tbb-mobile, TorBrowserTeam201807  |  Actual Points:
Parent ID:  #26531                            |         Points:
 Reviewer:                                    |        Sponsor:
----------------------------------------------+----------------------------

Comment (by sysrqb):

 Replying to [comment:25 gk]:
 >
 > Don't we need
 >
 > https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-
 browser-52.8.1esr-8.0-1&id=6c507ea953072deb125d3ad4afa3282ae1ce884b

 I noticed yesterday this commit was lost during a rebase. I'll include
 this in the next branch.

 > https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-
 browser-52.8.1esr-8.0-1&id=eea65c845366312fe2d6b8d955264b2158044db8

 Same. I'll cherry-pick this commit in the next branch, too.

 >
 > ?
 >
 > It seems you omitted
 >
 > https://gitweb.torproject.org/tor-browser.git/commit/?h=tor-
 browser-52.8.1esr-8.0-1&id=468107a61e87df22cb4d75557aac3d7d82e750dc
 >
 > which means you lean to WONTFIX #24926? Shouldn't we keep the current
 Orfox behavior until we make a final decision? (I don't have a strong
 opinion here)
 >
 > EDIT: I just saw in comment:3 not including that one is actually
 intentional.

 I'm hesitant including this. On the one hand, it's possible some Orfox
 uses are using this feature and will want it included in TBA. On the other
 hand, this is a feature uniquely available on Android and it exposes Tor
 Browser to a new attack vector (DoS by a third-party app). I'm not against
 the idea of implementing this functionality, especially considering the
 situations where some people use their mobile devices, but I'd like this
 provided behind a pref.

 It's easy for me to say "I don't think including this is a good idea" and
 then try justifying not including it. Instead of that, let's include it
 and then decide on the best way forward with #24926.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26401#comment:30>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list