url-classifier should be enabled by default on xulrunner

RESOLVED FIXED in mozilla2.0b12

Status

defect
--
major
RESOLVED FIXED
11 years ago
3 years ago

People

(Reporter: glandium, Assigned: glandium)

Tracking

Trunk
mozilla2.0b12
x86
Linux
Dependency tree / graph

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

Assignee

Description

11 years ago
When building against a "standard" libxul-sdk, which doesn't include the url-classifier component (which lives in toolkit/components and isn't enabled by default), safe browsing doesn't work because of lack of the url-classifier (since stuff in toolkit/components don't get included, even though url-classifier ends up being enabled during the build)

Either the url-classifier should be enabled by default in libxul builds, or it should either be moved in browser or built in some way from toolkit even when using a libxul-sdk.
Yes, this is pretty bad... I just noticed yesterday that Ubuntu has disabled safe browsing because of problems like this. :/
Severity: normal → major
Component: Build Config → Phishing Protection
Flags: blocking-firefox3?
QA Contact: build.config → phishing.protection
Assignee

Comment 2

11 years ago
FWIW, I'm going to enable url-classifier in xulrunner in Debian to solve this issue.
FWIW, safe browsing works in Fedora's builds.  We're doing --enable-safe-browsing in both XR and FF, which might be the magic to make it work.
this is a distro config issue for now, it might not be ideal, but we're not going to rearchitect stuff.
Flags: blocking-firefox3? → blocking-firefox3-
Assignee

Comment 5

11 years ago
It's not necessarily about rearchitect stuff. It could be changing defaults, i.e. activating uri-classifier on xulrunner by default.
Assignee

Updated

9 years ago
Summary: Safe browsing doesn't work on libxul-sdk builds → url-classifier should be enabled by default on xulrunner
Assignee

Comment 6

8 years ago
Assignee: nobody → mh+mozilla
Attachment #513410 - Flags: review?(benjamin)

Comment 7

8 years ago
Comment on attachment 513410 [details] [diff] [review]
Enable url-classifier by default on xulrunner

I think this is fine. It's separate from whether we enable safebrowsing by default, which might require partner input.
Attachment #513410 - Flags: review?(benjamin) → review+
Assignee

Updated

8 years ago
Attachment #513410 - Flags: approval2.0?
Kev: opinions? I'm for this, generally, but want to make sure we're not pooching folks.
I don't see any issue, as it's something that doesn't affect our default builds, and I can't see it being a deal-breaker as it can still be turned off. Definitely something that'll need some documentation/messaging love for where it might affect orgs who are compiling their own binaries (which is primarily distros and projects such as Powered-by-Mozilla) from the various distros.

I don't know of anyone it'd pooch off-hand, but we don't have visibility into what other folks do with our source, and we should make sure this change is documented.
Comment on attachment 513410 [details] [diff] [review]
Enable url-classifier by default on xulrunner

Hrm - Mike - I think we have to minus this - wouldn't each app need to work out it's own downstream T&C with google for the use of the safebrowsing service? I don't think our agreement covers that. I suspect you are covered, but not "any xulrunner app"
Attachment #513410 - Flags: approval2.0? → approval2.0-
Assignee

Comment 11

8 years ago
(In reply to comment #10)
> Comment on attachment 513410 [details] [diff] [review]
> Enable url-classifier by default on xulrunner
> 
> Hrm - Mike - I think we have to minus this - wouldn't each app need to work out
> it's own downstream T&C with google for the use of the safebrowsing service? I
> don't think our agreement covers that. I suspect you are covered, but not "any
> xulrunner app"

Hum, this is url-classifier, not safebrowsing. Not that if you are concerned with downstream T&C for safebrowsing, bug 557752 is the one to address.

(In reply to comment #9)
> I don't see any issue, as it's something that doesn't affect our default
> builds, and I can't see it being a deal-breaker as it can still be turned off.
> Definitely something that'll need some documentation/messaging love for where
> it might affect orgs who are compiling their own binaries (which is primarily
> distros and projects such as Powered-by-Mozilla) from the various distros.

Note that a lot of distros shipping firefox as a xulrunner application already enable url-classifier in xulrunner (by hand).
url-classifier does look up hashes through Google, at least in the default config of Firefox:
http://mxr.mozilla.org/mozilla-central/source/browser/app/profile/firefox.js#729
Assignee

Comment 13

8 years ago
(In reply to comment #12)
> url-classifier does look up hashes through Google, at least in the default
> config of Firefox:
> http://mxr.mozilla.org/mozilla-central/source/browser/app/profile/firefox.js#729

And this bug changes the default in xulrunner, and xulrunner doesn't set these prefs.
Comment on attachment 513410 [details] [diff] [review]
Enable url-classifier by default on xulrunner

renoming for the triage meeting
Attachment #513410 - Flags: approval2.0- → approval2.0?
Comment on attachment 513410 [details] [diff] [review]
Enable url-classifier by default on xulrunner

a=beltzner
Attachment #513410 - Flags: approval2.0? → approval2.0+
Assignee

Comment 16

8 years ago
http://hg.mozilla.org/mozilla-central/rev/4653a9f58761
Status: NEW → RESOLVED
Closed: 8 years ago
Component: Phishing Protection → XULRunner
Flags: blocking-firefox3-
Product: Firefox → Toolkit
QA Contact: phishing.protection → xulrunner
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b12
Version: 3.0 Branch → Trunk
Product: Toolkit → Toolkit Graveyard
You need to log in before you can comment on or make changes to this bug.