Closed Bug 1393954 Opened 7 years ago Closed 7 years ago

Roll Safe Browsing back to V2 in the first RC for 56

Categories

(Toolkit :: Safe Browsing, defect, P1)

Product:
Toolkit
Component:
Safe Browsing
Type:
defect

Tracking

()

Status:
VERIFIED FIXED
Tracking Flags:
Tracking Status
firefox56 blocking verified
firefox57 --- wontfix

People

(Reporter: francois, Assigned: francois)

References

Details

(Whiteboard: #sbv4-m9)

Attachments

(1 file, 1 obsolete file)

Patch to be uplifted in the last beta of the 56 cycle
3.38 KB, patch
francois
: review+
gchang
: approval-mozilla-release+
Details | Diff | Splinter Review 
For capacity planning reason on the Google side, we will be doing a staged roll-out of the Safe Browsing V4 feature (bug 1387651).

To avoid accidentally letting 100% of users on release ping the V4 server, we will roll back everyone on Beta 56 to the old V2 server.
Whiteboard: #sbv4-m9

        Attachment #8902939 -
        Flags: review?(gpascutto)

    
    

    
  
This needs to be tracked by release management so that it lands in the last beta of the 56 cycle.

          tracking-firefox56:
          --- → ?

    
    

    
  
Thanks, I'll mark it as a blocker for release to ensure we see it.

          status-firefox56:
          --- → affected

          tracking-firefox56:
          ?blocking

    
    

    
  
Comment on attachment 8902939 [details] [diff] [review]
Patch to be uplifted in the last beta of the 56 cycle

Review of attachment 8902939 [details] [diff] [review]:
-----------------------------------------------------------------

::: browser/app/profile/firefox.js
@@ -1707,5 @@
>  // Whether or not to restore a session with lazy-browser tabs.
>  pref("browser.sessionstore.restore_tabs_lazily", true);
>  
> -// Enable safebrowsing v4 tables (suffixed by "-proto") update.
> -pref("urlclassifier.malwareTable", "goog-malware-proto,goog-unwanted-proto,test-malware-simple,test-unwanted-simple");

Is it intentional that the test-malware-simple and test-unwanted-simple tables are gone?

@@ -1708,5 @@
>  pref("browser.sessionstore.restore_tabs_lazily", true);
>  
> -// Enable safebrowsing v4 tables (suffixed by "-proto") update.
> -pref("urlclassifier.malwareTable", "goog-malware-proto,goog-unwanted-proto,test-malware-simple,test-unwanted-simple");
> -pref("urlclassifier.phishTable", "goog-phish-proto,test-phish-simple");

Same question for test-phish-simple.

        Attachment #8902939 -
        Flags: review?(gpascutto) → review+

    
    

    
  
How confident are we that V2 still fully works on 56? I don't want to find out the answer to that question on release.
Flags: needinfo?(francois)

    
    

    
  
(In reply to Gian-Carlo Pascutto [:gcp] from comment #4)
> Comment on attachment 8902939 [details] [diff] [review]
> Patch to be uplifted in the last beta of the 56 cycle
> 
> Review of attachment 8902939 [details] [diff] [review]:
> -----------------------------------------------------------------
> 
> ::: browser/app/profile/firefox.js
> @@ -1707,5 @@
> >  // Whether or not to restore a session with lazy-browser tabs.
> >  pref("browser.sessionstore.restore_tabs_lazily", true);
> >  
> > -// Enable safebrowsing v4 tables (suffixed by "-proto") update.
> > -pref("urlclassifier.malwareTable", "goog-malware-proto,goog-unwanted-proto,test-malware-simple,test-unwanted-simple");
> 
> Is it intentional that the test-malware-simple and test-unwanted-simple
> tables are gone?

They're not actually gone. The above is overriding the pref that's set in https://searchfox.org/mozilla-central/rev/51b3d67a5ec1758bd2fe7d7b6e75ad6b6b5da223/modules/libpref/init/all.js#5349

So by removing the override, we're going back to the default (which is what Fennec is using).

(In reply to Gian-Carlo Pascutto [:gcp] from comment #5)
> How confident are we that V2 still fully works on 56? I don't want to find
> out the answer to that question on release.

We'll be running an experiment on all of beta to compare the crash rate of V2 and V4 (bug 1377267). In addition to the crashes, we'll also get lots of telemetry from this (most of which is now keyed to the provider).

Also, I'm running Nightly with a bunch of extra V2 lists (Yandex, Baidu and MozCN) and haven't noticed any problems so far. Not a huge surprise given how much common code the two versions share.

However, you raise a good point and I'll see if we can get Soft Vision to repeat their validation tests on V2 as well.
Flags: needinfo?(francois)

    
    

    
  


  
Rebased on latest beta. Carrying review from GCP.

        Attachment #8902939 -
        Attachment is obsolete: true

        Attachment #8906197 -
        Flags: review+

    
    

    
  
(In reply to François Marier [:francois] from comment #6)
> However, you raise a good point and I'll see if we can get Soft Vision to
> repeat their validation tests on V2 as well.

Soft Vision is in the middle of running their pre-release tests on V2.

    
    

    
  
François, can you request uplift now (for beta 12 build tomorrow)

Thanks!
Flags: needinfo?(francois)

    
    

    
  
From discussion on IRC. It's fine to land this after we do the beta 12 build but it means we will need to uplift to m-r, since we are doing the m-c to m-r merge early on Thursday this week. Just to be clear, we will build the release candidate (RC) on Monday  from the mozilla-release branch and then push it to beta users.

    
  
Flags: needinfo?(francois)
Summary: Roll Safe Browsing back to V2 in the last Beta 56 → Roll Safe Browsing back to V2 in the first RC for 56

    
    

    
  
Comment on attachment 8906197 [details] [diff] [review]
Patch to be uplifted in the last beta of the 56 cycle

Approval Request Comment
[Feature/Bug causing the regression]: Gradual roll-out of Safe Browsing V4 requires this (bug 1387651)
[User impact if declined]: Google has asked us to do a gradual rollout, they are not ready for all of our users at once. Safe Browsing could be broken for all of our users
[Is this code covered by automated tests?]:
[Has the fix been verified in Nightly?]: Yes, SV has manually verified both V2 and V4 in Nightly and Beta.
[Needs manual test from QE? If yes, steps to reproduce]: 
[List of other uplifts needed for the feature/fix]:
[Is the change risky?]: No
[Why is the change risky/not risky?]: Just a pref flip
[String changes made/needed]: None

        Attachment #8906197 -
        Flags: approval-mozilla-release?

    
    

    
  
Comment on attachment 8906197 [details] [diff] [review]
Patch to be uplifted in the last beta of the 56 cycle

This needs to be in m-r before 56.0-build1.

        Attachment #8906197 -
        Flags: approval-mozilla-release? → approval-mozilla-release+

    
    

    
  
https://hg.mozilla.org/releases/mozilla-release/rev/b75624820200
Status: ASSIGNED → RESOLVED
Closed: 7 years ago

          status-firefox56:
          affectedfixed

          status-firefox57:
          --- → wontfix
Resolution: --- → FIXED

    
    

    
  
We verified this issue using Fx 56.0-build1 on Widows 7 x64, Windows 10 x64, Ubuntu 16.04 LTS x86 and mac OS X 10.12.

Cheers!
Status: RESOLVED → VERIFIED

          status-firefox56:
          fixedverified

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: