Closed Bug 1652852 Opened 4 years ago Closed 4 years ago

ignore blocklist for type == locale

Categories

(Toolkit :: Blocklist Implementation, enhancement)

Tracking

RESOLVED FIXED
81 Branch
Tracking Status
firefox81 --- fixed

People

(Reporter: mixedpuppy, Assigned: robwu)

Attachments

(1 file)

On nightly only, we should also ignore addons that are not type=extension. This will cover langpacks, dictionaries, etc. that may be built and/or updated during a nightly build. Currently we know that langpacks could be a potential issue here, but since only type=extension can have code, we should be able to safely ignore blocking other types.

I would prefer limiting this to langpacks only. We might want or have to block anything 3rd party for violations other than code-related.

I agree with Andreas. Themes are definitely something we might need to block. Dictionaries are much less likely, but they are still third party, so it doesn't hurt to include them.

Lang packs have introduced critical bugs before, both accidentally and intentionally. They've always been dangerous, and folks who focus on all the nice things features do when used as intended have often tried to get special low-friction handling for langpacks (and themes, for that matter). Even when we get to the all-fluent promised land there will still be malicious things you can do just by mis-translating things, even if we have managed to stop all the code-execution avenues.

Contributor langpacks go through AMO (if we've started allowing those again?). All the others we build and we know what they are even if they're built outside of AMO. Can we maintain a static list of known langpack IDs and slurp those into building the blocklist filters? Updating a metadata file somewhere is an extra step when we occasionally add a new langpack, but there's so much else that has to get done for that it would be just one more thing to add to the checklist.

(In reply to Daniel Veditz [:dveditz] from comment #3)

> Lang packs have introduced critical bugs before, both accidentally and intentionally. They've always been dangerous, and folks who focus on all the nice things features do when used as intended have often tried to get special low-friction handling for langpacks (and themes, for that matter). Even when we get to the all-fluent promised land there will still be malicious things you can do just by mis-translating things, even if we have managed to stop all the code-execution avenues.

I hear your concerns and I share them partly. However, this patch would impact langpacks for Nightly only, which are all owned by Mozilla, and rebuilt for every Nightly version. Dan, do you think this patch would be viable as a stopgap? Medium-term, we can evaluate more secure options, for example submitting even Nightly langpacks to AMO, which would allow us to revert that patch.

> Contributor langpacks go through AMO (if we've started allowing those again?). All the others we build and we know what they are even if they're built outside of AMO. Can we maintain a static list of known langpack IDs and slurp those into building the blocklist filters? Updating a metadata file somewhere is an extra step when we occasionally add a new langpack, but there's so much else that has to get done for that it would be just one more thing to add to the checklist.

There are no contributor langpacks anymore; all signed langpacks are owned by releng.

Maintaining a list of add-on ids for langpacks is not enough, since the bloomfilter needs to know about every single version. I would be surprised if the version number of the langpack is reused. It could be possible, given that a nightly langpack is really only expected to be working for exactly that one nightly version. But even if we did that, working around the requirement to know each langpack version, adding that specific id-version combination to AMO (and thus the bloom filter) would be quite fragile.
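The id-version point in the comment above, as an added example that is not part of the bug thread and is not Firefox's blocklist code: a toy plain Bloom filter keyed on `id:version` can match a langpack version it was never built with, and the Nightly-only check agreed on in this bug ignores that verdict for `type == locale`. The filter size, hash, add-on IDs and versions are all constructed for illustration.

```javascript
// Added illustration, not Firefox's blocklist code. All names and data are constructed.
const M = 67; // bits in the toy filter (tiny on purpose so collisions are easy to hit)
const K = 2;  // hash functions per key

// 32-bit FNV-1a over a string, salted so each of the K hashes differs.
function fnv1a(salt, key) {
  let h = 0x811c9dc5;
  for (const ch of `${salt}|${key}`) {
    h = Math.imul(h ^ ch.codePointAt(0), 0x01000193) >>> 0;
  }
  return h;
}

function bitsFor(key) {
  return Array.from({ length: K }, (_, i) => fnv1a(i, key) % M);
}

// Build a filter from blocked "id:version" keys.
function buildFilter(blockedKeys) {
  const bits = new Uint8Array(M);
  for (const key of blockedKeys) for (const b of bitsFor(key)) bits[b] = 1;
  return bits;
}

const filterHas = (bits, key) => bitsFor(key).every((b) => bits[b] === 1);

// Constructed block entries: eight versions of a hypothetical extension.
const BLOCKED = Array.from({ length: 8 }, (_, i) => `bad@example.invalid:1.${i}`);
const FILTER = buildFilter(BLOCKED);

// Policy from this bug: on Nightly, a filter match for type "locale" is ignored.
function isBlocked(addon, { isNightly }) {
  if (isNightly && addon.type === "locale") return false;
  return filterHas(FILTER, `${addon.id}:${addon.version}`);
}

// Search constructed nightly langpack versions, none of which were given to
// buildFilter, for one that the filter matches anyway (a false positive).
function findFalsePositiveLangpack(limit = 5000) {
  for (let n = 0; n < limit; n++) {
    const addon = { id: "langpack-xx@example.invalid", version: `81.0.${n}`, type: "locale" };
    if (filterHas(FILTER, `${addon.id}:${addon.version}`)) return addon;
  }
  return null;
}
```

Extensions are unaffected by the exemption: a blocked `type: "extension"` entry is still reported as blocked when `isNightly` is true.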

Just excluding langpacks is fine.

Summary: ignore blocklist for type != extension → ignore blocklist for type == locale
Assignee: nobody → rob
Blocks: blocklist-v3
Status: NEW → ASSIGNED
See Also: → 1654581
Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/35338e484bec
Ignore bloomfilter blocks of langpacks on Nightly r=dveditz,TheOne,Gijs
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Target Milestone: --- → 81 Branch