Closed Bug 1133187 Opened 9 years ago Closed 9 years ago

Fallback whitelist update: mid-February 2015

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Version:
37 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla38
Tracking Flags:
Tracking Status
firefox37 --- fixed
firefox38 --- fixed

People

(Reporter: emk, Assigned: emk)

References

Details

Attachments

(1 file, 2 obsolete files)

patch for checkin
13.79 KB, patch
emk
: review+
lmandel
: approval-mozilla-aurora+
Details | Diff | Splinter Review
Attached patch update_whitelist (obsolete) — Splinter Review 
I would like to land this before the next merge.
Attachment #8564498 - Flags: review?(dkeeler)
Attachment #8564498 - Flags: approval-mozilla-aurora?
Attached patch update_whitelist (obsolete) — Splinter Review 
Added sites from bug 1124039 blockers.
Attachment #8564498 - Attachment is obsolete: true
Attachment #8564498 - Flags: review?(dkeeler)
Attachment #8564498 - Flags: approval-mozilla-aurora?
Attachment #8565392 - Flags: review?(dkeeler)
Attachment #8565392 - Flags: approval-mozilla-aurora?
Comment on attachment 8565392 [details] [diff] [review]
update_whitelist

Review of attachment 8565392 [details] [diff] [review]:
-----------------------------------------------------------------

r=me
Attachment #8565392 - Flags: review?(dkeeler) → review+
Comment on attachment 8565392 [details] [diff] [review]
update_whitelist

Review of attachment 8565392 [details] [diff] [review]:
-----------------------------------------------------------------

Looks like we should also add ssl.safaribooksonline.com (bug 1133940)
(In reply to David Keeler [:keeler] (use needinfo?) from comment #3)
> Looks like we should also add ssl.safaribooksonline.com (bug 1133940)

OK.
I also rerun the script and removed fixed sites.

https://hg.mozilla.org/integration/mozilla-inbound/rev/3ada01d5cdd1
Assignee: nobody → VYV03354
Status: NEW → ASSIGNED
Approval Request Comment
[Feature/regressing bug #]: N/A
[User impact if declined]: Users can not connect some broken secure sites.
[Describe test coverage new/current, TreeHerder]: Manually executed a list generator script which will virtually act as a test. No regression found on a try run:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=476344889dbf
[Risks and why]: Very low. Only adding/removing entries from a static list.
[String/UUID change made/needed]: none
Attachment #8565392 - Attachment is obsolete: true
Attachment #8565392 - Flags: approval-mozilla-aurora?
Attachment #8566144 - Flags: review+
Attachment #8566144 - Flags: approval-mozilla-aurora?
Comment on attachment 8566144 [details] [diff] [review]
patch for checkin

Glad to see sites being removed even if we need to add new ones. Aurora+
Attachment #8566144 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
https://hg.mozilla.org/mozilla-central/rev/3ada01d5cdd1
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox38: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla38
That whitelist is not complete, e.g. 

  https://forums.whatwg.org/ 
  https://images.whatwg.org/
  https://validator.whatwg.org/
  https://spec.whatwg.org/

and there are probably more for whatwg.org, you'd have to ask Ian.
Could you consider to change the hosting company, seriously?
Ian doesn't want to go through the trouble. So yes, we did consider it... Also, DreamHost has stated they will resolve the issue this quarter for VPS users. (It's already been resolved for everyone else to my knowledge.)
Do you know why dom.spec.whatwg.org is already updated? Isn't it VPS?
Indeed, for historical reasons it's on my private account.
Blocks: 1142769
In case anybody winds up here by virtue of those last couple commits, bug 1142769 landed with this bug number by accident.
You need to log in before you can comment on or make changes to this bug.