Debian Bug report logs - #561927
iceweasel: Can Iceweasel pretend to be Firefox to services such as safebrowsing ?

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Mike Hommey <mh+reportbug@glandium.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: iceweasel: Can Iceweasel pretend to be Firefox to services such as safebrowsing ?

Date: Mon, 21 Dec 2009 11:28:18 +0100

Package: iceweasel
Version: 3.5.6-1
Severity: serious
Justification: This should be resolved before release

Iceweasel current replaces firefox with iceweasel in various service urls
in configuration. Some other service urls such as safebrowsing have not been
addressed yet, leading to bugs such as #518357.

The question is whether we can have iceweasel pretend to be firefox to such
services, which are related to agreements between MoCo and third parties.

I'm filing this bug to avoid forgetting about this issue, and to track the
investigation as it goes.


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages iceweasel depends on:
ii  debianutils                   3.2.2      Miscellaneous utilities specific t
ii  fontconfig                    2.6.0-4.1  generic font configuration library
ii  libc6                         2.10.2-2   GNU C Library: Shared libraries
ii  libglib2.0-0                  2.22.3-1   The GLib library of C routines
ii  libgtk2.0-0                   2.18.5-1   The GTK+ graphical user interface 
ii  libnspr4-0d                   4.8.2-1    NetScape Portable Runtime Library
ii  libstdc++6                    4.4.2-5    The GNU Standard C++ Library v3
ii  procps                        1:3.2.8-2  /proc file system utilities
ii  psmisc                        22.8-1     utilities that use the proc file s
ii  xulrunner-1.9.1               1.9.1.6-1  XUL + XPCOM application runner

iceweasel recommends no packages.

Versions of packages iceweasel suggests:
pn  latex-xft-fonts      <none>              (no description available)
ii  libkrb53             1.6.dfsg.4~beta1-13 Transitional library package/krb4 
pn  mozplugger           <none>              (no description available)
pn  ttf-mathematica4.1   <none>              (no description available)
ii  xfonts-mathml        3                   Type1 Symbol font for MathML
pn  xprint               <none>              (no description available)
ii  xulrunner-1.9.1-gnom 1.9.1.6-1           Support for GNOME in xulrunner app

-- no debconf information

Message #14 received at 561927@bugs.debian.org (full text, mbox, reply):

From: Jameson Rollins <jrollins@finestructure.net>

To: 561927@bugs.debian.org

Subject: control@bugs.debian.org

Date: Sat, 30 Jan 2010 16:13:19 -0500

[Message part 1 (text/plain, inline)]

severity 561927 wishlist
thanks

Please careful choose bug severity when filing bugs.  This is certainly
*not* a "severe" bug (it's in fact not a bug at all), and severe bugs
are release critical and therefore requires special attention.

I also wonder if this issue is actually addressed by the "like Firefox"
line added to the useragent string, from bug 399633:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=399633

Also see following:

http://www.geticeweasel.org/useragent/

jamie.

[Message part 2 (application/pgp-signature, inline)]

Message #19 received at 561927@bugs.debian.org (full text, mbox, reply):

From: Mike Hommey <mh@glandium.org>

To: Jameson Rollins <jrollins@finestructure.net>, 561927@bugs.debian.org

Subject: Re: Bug#561927: control@bugs.debian.org

Date: Sun, 31 Jan 2010 08:31:35 +0100

severity 561927 serious
thanks

On Sat, Jan 30, 2010 at 04:13:19PM -0500, Jameson Rollins wrote:
> severity 561927 wishlist
> thanks
> 
> Please careful choose bug severity when filing bugs.  This is certainly
> *not* a "severe" bug (it's in fact not a bug at all), and severe bugs
> are release critical and therefore requires special attention.

Hum, if *I* file a bug as RC against a package *I* maintain, it *is* RC.

Mike

Message #24 received at 561927@bugs.debian.org (full text, mbox, reply):

From: Jameson Graef Rollins <jrollins@finestructure.net>

To: Mike Hommey <mh@glandium.org>, 561927@bugs.debian.org

Subject: Re: Bug#561927: control@bugs.debian.org

Date: Sun, 31 Jan 2010 22:13:11 -0500

[Message part 1 (text/plain, inline)]

On Sun, 31 Jan 2010 08:31:35 +0100, Mike Hommey <mh@glandium.org> wrote:
> Hum, if *I* file a bug as RC against a package *I* maintain, it *is* RC.

Actually, that does not follow.  The severity of a bug affects a lot of
things other than just the maintainer.  For instance, by setting the
severity of this bug as severe, you've wasted my time in looking for RC
bugs to deal with.  This is not an RC bug, and labeling it as such for
nothing more than your own convenience is inconsiderate to the Debian
community and wasteful of precious human resources.

jamie.

[Message part 2 (application/pgp-signature, inline)]

Message #29 received at 561927@bugs.debian.org (full text, mbox, reply):

From: Mike Hommey <mh@glandium.org>

To: Jameson Graef Rollins <jrollins@finestructure.net>, 561927@bugs.debian.org

Subject: Re: Bug#561927: control@bugs.debian.org

Date: Mon, 1 Feb 2010 07:50:55 +0100

On Sun, Jan 31, 2010 at 10:13:11PM -0500, Jameson Graef Rollins wrote:
> On Sun, 31 Jan 2010 08:31:35 +0100, Mike Hommey <mh@glandium.org> wrote:
> > Hum, if *I* file a bug as RC against a package *I* maintain, it *is* RC.
> 
> Actually, that does not follow.  The severity of a bug affects a lot of
> things other than just the maintainer.  For instance, by setting the
> severity of this bug as severe, you've wasted my time in looking for RC
> bugs to deal with.  This is not an RC bug, and labeling it as such for
> nothing more than your own convenience is inconsiderate to the Debian
> community and wasteful of precious human resources.

It is an RC bug, because we can't ship something that we don't have the
right to.
You are also free to participate in the investigation, noone is
preventing you from doing so.

Mike

Message #34 received at 561927@bugs.debian.org (full text, mbox, reply):

From: Mike Hommey <mh@glandium.org>

To: 561927@bugs.debian.org

Subject: Re: Bug#561927: iceweasel: Can Iceweasel pretend to be Firefox to services such as safebrowsing ?

Date: Tue, 2 Feb 2010 07:46:08 +0100

On Mon, Dec 21, 2009 at 11:28:18AM +0100, Mike Hommey wrote:
> Package: iceweasel
> Version: 3.5.6-1
> Severity: serious
> Justification: This should be resolved before release
> 
> Iceweasel current replaces firefox with iceweasel in various service urls
> in configuration. Some other service urls such as safebrowsing have not been
> addressed yet, leading to bugs such as #518357.
> 
> The question is whether we can have iceweasel pretend to be firefox to such
> services, which are related to agreements between MoCo and third parties.

So far, the answer to this question is near "probably not". I now have
addresses to contact @google wrt the safebrowsing service to have
possibly get an agreement in the best case, or at least, a definite answer.

Mike

Message #39 received at 561927@bugs.debian.org (full text, mbox, reply):

From: Mike Hommey <mh@glandium.org>

To: 561927@bugs.debian.org

Subject: Re: Bug#561927: iceweasel: Can Iceweasel pretend to be Firefox to services such as safebrowsing ?

Date: Thu, 1 Apr 2010 15:42:49 +0200

On Tue, Feb 02, 2010 at 07:46:08AM +0100, Mike Hommey wrote:
> On Mon, Dec 21, 2009 at 11:28:18AM +0100, Mike Hommey wrote:
> > Package: iceweasel
> > Version: 3.5.6-1
> > Severity: serious
> > Justification: This should be resolved before release
> > 
> > Iceweasel current replaces firefox with iceweasel in various service urls
> > in configuration. Some other service urls such as safebrowsing have not been
> > addressed yet, leading to bugs such as #518357.
> > 
> > The question is whether we can have iceweasel pretend to be firefox to such
> > services, which are related to agreements between MoCo and third parties.
> 
> So far, the answer to this question is near "probably not". I now have
> addresses to contact @google wrt the safebrowsing service to have
> possibly get an agreement in the best case, or at least, a definite answer.

I haven't updated for a while, but the answer from the contact I had
@google is not definite yet. Technically, they can allow a different
client id, or maybe the firefox one would be enough, I don't know yet
which one would be best for them. But the concern about the service
itself is, I think, resolved. We are supposed to use the
googpub-phish-shavar database instead of goog-phish-shavar, which I'll
be changing in next iceweasel upload. I think this will be already enough
to close the bug here. The next adjustments are either on google end or
on ours, and will address bug #518357.

Mike

Message #46 received at 561927-close@bugs.debian.org (full text, mbox, reply):

From: Mike Hommey <glandium@debian.org>

To: 561927-close@bugs.debian.org

Subject: Bug#561927: fixed in iceweasel 3.5.9-1

Date: Sat, 03 Apr 2010 15:48:52 +0000

Source: iceweasel
Source-Version: 3.5.9-1

We believe that the bug you reported is fixed in the latest version of
iceweasel, which is due to be installed in the Debian FTP archive:

iceweasel-dbg_3.5.9-1_amd64.deb
  to main/i/iceweasel/iceweasel-dbg_3.5.9-1_amd64.deb
iceweasel_3.5.9-1.debian.tar.gz
  to main/i/iceweasel/iceweasel_3.5.9-1.debian.tar.gz
iceweasel_3.5.9-1.dsc
  to main/i/iceweasel/iceweasel_3.5.9-1.dsc
iceweasel_3.5.9-1_amd64.deb
  to main/i/iceweasel/iceweasel_3.5.9-1_amd64.deb
iceweasel_3.5.9.orig.tar.bz2
  to main/i/iceweasel/iceweasel_3.5.9.orig.tar.bz2



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 561927@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Hommey <glandium@debian.org> (supplier of updated iceweasel package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 01 Apr 2010 16:23:51 +0200
Source: iceweasel
Binary: iceweasel iceweasel-dbg
Architecture: source amd64
Version: 3.5.9-1
Distribution: unstable
Urgency: low
Maintainer: Maintainers of Mozilla-related packages <pkg-mozilla-maintainers@lists.alioth.debian.org>
Changed-By: Mike Hommey <glandium@debian.org>
Description: 
 iceweasel  - Web browser based on Firefox
 iceweasel-dbg - debugging symbols for iceweasel
Closes: 561927 567915
Changes: 
 iceweasel (3.5.9-1) unstable; urgency=low
 .
   * New upstream release.
   * config/autoconf.mk.in: Revert previous changes to install in an
     unversioned directory.
   * debian/rules: Pass an installdir variable to install into
     /usr/lib/iceweasel.
   * debian/control:
     - Suggest libkrb53 for backports.
     - Build-depend on xulrunner-dev << 1.9.2.
   * debian/iceweasel.prerm, debian/iceweasel.postinst: Remove old mozilla
     alternative. I think there is no reason to keep this anymore.
   * debian/iceweasel.links: Remove firefox and mozilla-firefox links.
     It will help make transition to Firefox easier if that ever happens.
   * debian/remove.nonfree: We now remove more non-free data. Also cleaned up
     outdated stuff. Closes: #567915
   * debian/source/format, debian/patches/*: Switch to 3.0 (quilt) format,
     with patches.
 .
   * browser/components/safebrowsing/content/application.js,
     browser/app/profile/firefox.js: Use googpub-phish-shavar instead of
     goog-phish-shavar for safe browsing. This is a first step for fixing safe
     browsing. Either the current setup will work if Google allows our client
     string to get this data, or we'll be allowed to say we're firefox to the
     safe browsing server. Closes: #561927.
Checksums-Sha1: 
 7d3d840227cafd396940e930074b2f8e5bc88e9f 1503 iceweasel_3.5.9-1.dsc
 6249055288abb9e48ef52a96aacaeed0397a3dd9 41145864 iceweasel_3.5.9.orig.tar.bz2
 40c2f201f9b10a63a81bb564a049376d6ecd7cf6 146430 iceweasel_3.5.9-1.debian.tar.gz
 e0e161d3ff1677dcc1f2ad9b5128d5eca13f76b5 1106244 iceweasel_3.5.9-1_amd64.deb
 7b5ebd5afc29afa3128fa706e8e83a884e58353c 461846 iceweasel-dbg_3.5.9-1_amd64.deb
Checksums-Sha256: 
 5938e6a436fb69e1cd5d17149ff3eb6cb5fe7ae4838c3e654f84324dfd55350f 1503 iceweasel_3.5.9-1.dsc
 5d7d87e1155b76ecb226e48fa0f1a8eee286c3fab893118cc8641b6e6f87b1cc 41145864 iceweasel_3.5.9.orig.tar.bz2
 a24037c3cb8c5584cfc1697edaad679788a5a60767dd09a1e9accabde8769fd5 146430 iceweasel_3.5.9-1.debian.tar.gz
 390e131cea61a7908efc750ecb367fae7a0fbb6e9345aea4995dca552217fa5b 1106244 iceweasel_3.5.9-1_amd64.deb
 c41c2d755c2210b34e26e80383131d944c212a59f1baa6e5b4a522985676daf2 461846 iceweasel-dbg_3.5.9-1_amd64.deb
Files: 
 e93316635426ccdf30544bee47df9cbd 1503 web optional iceweasel_3.5.9-1.dsc
 9bbbf139243de9f7262cf1b56f679b5e 41145864 web optional iceweasel_3.5.9.orig.tar.bz2
 3c9faf26bbb3064326f70f63ac12f75d 146430 web optional iceweasel_3.5.9-1.debian.tar.gz
 e826f7b25a7ef4cf7bc7200b5a9083f2 1106244 web optional iceweasel_3.5.9-1_amd64.deb
 3569afe02a23afe4b33cb2fe115b6295 461846 debug extra iceweasel-dbg_3.5.9-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFLtLnu3kvaLFT9KlgRAnJZAJ40uEKGoqcKxgOzF4kUxeTchjfrLgCeKZSY
qVl71HEEKBoEIUtIX4mdTE4=
=pqnH
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.