From: Ian Eure <ian@retrospec.tv>
To: "André Batista" <nandre@riseup.net>
Cc: mhw@netris.org, jonathan.brielmaier@web.de, 71782@debbugs.gnu.org
Subject: [bug#71782] [PATCH v5 3/4] gnu: torbrowser: Update to 13.5.3 [security fixes].
Date: Sat, 07 Sep 2024 20:54:39 -0700 [thread overview]
Message-ID: <8734maeqp5.fsf@retrospec.tv> (raw)
In-Reply-To: <Ztxy9ZI6huxBd2O3@andel>
Hi André,
André Batista <nandre@riseup.net> writes:
> Hi Ian,
>
> sex 06 set 2024 às 08:05:28 (1725620728), ian@retrospec.tv
> enviou:
>>
>> This all looks good to me. I built and ran both browsers and
>> they seem to
>> be working how I’d expect.
>
> Great, thanks!
>
>> My only question is around the locale handling -- (gnu packages
>> gnuzilla)
>> has a setup for these which I was able to reuse for LibreWolf.
>> Is that
>> possible for mullvad and torbrowser? It would be nice to have
>> a unified way
>> of handling this, instead of each browser implementing its own
>> strategy.
>>
>
> I'm not sure I understand why you think this to be desirable,
> could you
> elaborate?
>
There’s a lot of duplication between the Firefox-derived browsers
in Guix, and I think it would be good to reduce it where it makes
sense. Because the locales are a separate package used as an
input, this seems like a part of them which could be handled in a
uniform way, to the benefit of all (assuming they use the same
locale data).
> I'm also not sure if this is possible (without incuring in
> glitches) and
> in my opinion this is not desirable for both torbrowser and
> mullvad
> because:
>
> I. Both these browsers have modified pristine firefox in a
> number of
> non-trivial ways. Eg.: if you go to about:preferences you will
> see that
> there are various user settings which are specific to this
> browsers or
> even when you first launch torbrowser the connection settings
> page is
> unknown to firefox. I believe that's the reason why these
> browsers do
> not support 'all-mozilla-locales', but just a subset which has
> been
> worked upon by the torproject.
>
I see, now that I read the patch more closely, it looks like the
upstream locale data wasn’t being used, despite reusing the
`mozilla-locale' code from Gnuzilla.
> II. In order to avoid guix users having a different fingerprint,
> we try
> to be as close as possible to what upstream does. I'm not sure
> if locale
> version could be somehow infered from the network, but I guess
> using the
> same version is the safest bet;
>
> III. Currently on guix master, these browsers are using code
> copied from
> gnuzilla.scm, but with a subset of locales and different
> changesets
> that are based on torproject settings. However, torproject has
> moved
> from mercurial to the unified github firefox locales[1] which
> has
> immensily simplified the work required to update the changesets
> (now
> actually commits) and all locales supported on those browsers
> now have
> only one commit, instead of various changesets on single locale
> repos;
>
This makes sense to me with the additonal context.
> IV. Moreover, I believe mozilla itself is on the way of
> deprecating
> mercurial l10n-central in favor of firefox-locales git repo,
> since
> this is where all work has been happening[2], while l10n-central
> has
> stopped at 2024-07-10[2]. So probably in a not so distant future
> gnuzilla will have to move on to that as well.
>
I wasn’t aware of this, but that’s great news, as it’ll make
reproducible builds much easier. Thank you for letting me know.
> So I stand by the changes proposed on this patch series, at
> least as
> things stand.
>
Makes sense. I’m still in favor of merging them. Thank you for
taking the time to explain.
Thanks,
— Ian
next prev parent reply other threads:[~2024-09-08 4:05 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-26 13:38 [bug#71782] [PATCH 0/3] gnu: torbrowser: Update to 13.5 André Batista
2024-06-26 13:46 ` [bug#71782] [PATCH 1/3] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
2024-06-27 16:05 ` [bug#71782] [PATCHv2 " André Batista
2024-06-26 13:47 ` [bug#71782] [PATCH 2/3] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0 André Batista
2024-06-26 13:47 ` [bug#71782] [PATCH 3/3] gnu: torbrowser: Update to 13.5 André Batista
2024-07-16 23:41 ` [bug#71782] [PATCHv3 0/4] Update torbrowser and mullvadbrowser to v13.5.1 André Batista
2024-08-07 0:14 ` [bug#71782] [PATCH v4 0/4] Update torbrowser and mullvadbrowser to v13.5.2 André Batista
2024-09-05 23:08 ` [bug#71782] [PATCH v5 0/4] Update torbrowser and mullvadbrowser to v. 13.5.3 André Batista
2024-09-05 23:17 ` [bug#71782] [PATCH v5 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
2024-09-05 23:17 ` [bug#71782] [PATCH v5 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.3.0 André Batista
2024-09-05 23:18 ` [bug#71782] [PATCH v5 3/4] gnu: torbrowser: Update to 13.5.3 [security fixes] André Batista
2024-09-06 15:05 ` Ian Eure
2024-09-07 15:36 ` André Batista
2024-09-08 3:54 ` Ian Eure [this message]
2024-09-05 23:18 ` [bug#71782] [PATCH v5 4/4] gnu: mullvadbrowser: " André Batista
2024-08-07 0:15 ` [bug#71782] [PATCH v4 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
2024-08-07 0:15 ` [bug#71782] [PATCH v4 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0 André Batista
2024-08-07 0:15 ` [bug#71782] [PATCH v4 3/4] gnu: torbrowser: Update to 13.5.2 [security fixes] André Batista
2024-08-07 0:16 ` [bug#71782] [PATCH v4 4/4] gnu: mullvadbrowser: " André Batista
2024-07-16 23:42 ` [bug#71782] [PATCHv3 1/4] gnu: Add go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-webtunnel André Batista
2024-07-16 23:42 ` [bug#71782] [PATCHv3 2/4] gnu: go-gitlab-torproject-org-tpo-anti-censorship-pluggable-transports-lyrebird: Update to 0.2.0 André Batista
2024-07-16 23:42 ` [bug#71782] [PATCHv3 3/4] gnu: torbrowser: Update to 13.5.1 [security fixes] André Batista
2024-07-16 23:43 ` [bug#71782] [PATCHv3 4/4] gnu: mullvadbrowser: " André Batista
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8734maeqp5.fsf@retrospec.tv \
--to=ian@retrospec.tv \
--cc=71782@debbugs.gnu.org \
--cc=jonathan.brielmaier@web.de \
--cc=mhw@netris.org \
--cc=nandre@riseup.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).