Closed Bug 686731 Opened 14 years ago Closed 12 years ago

Port mozilla.org phishing pages to mozqa.com

Categories

(Mozilla QA Graveyard :: Infrastructure, defect)

Product:
Mozilla QA Graveyard
Component:
Infrastructure
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: u279076, Unassigned)

References

Details

Due to bug 662213, the phishing test sites will be deprecated and moved breaking our Safe Browsing tests: http://www.mozilla.com/firefox/its-a-trap.html http://www.mozilla.com/firefox/its-an-attack.html We need to get these pages moved into mozqa.com and find a way to get them recognized as fraudulent.
I completely fail to see the reason behind this bug. Why should these pages be on mozqa.com instead of the domain described in bug 662213 which you linked?
What domain? I see in comment 0 and 11 there that we need to move these pages and have them added to the list if we want to still test the behavior in QA.
>What domain? itisatrap.org (bug 662213 comment 14) >I see in comment 0 and 11 there that we need to move these pages and have them >added to the list if we want to still test the behavior in QA. Yes, to itsatrap.org.
We need them on an internally controlled resource for Mozmill tests.
Once bug 693389 has been fixed we would be able to update our tests to simply use the .org version of the pages. As given by the mochitests we should investigate if we really need those tests for Mozmill or not.
>We need them on an internally controlled resource for Mozmill tests. But that's what itsatrap.org is, right? There are (or rather, were) technical reasons for not wanting these pages on a domain that's also hosting real, other webpages. I can create a patch to add whatever you need to the urlclassifier DB, but lets please not duplicate work. The plan was: www.mozilla.com/firefox/its-a-trap.html -> www.itsatrap.org/foobar/... but due to the delay in getting itsatrap.org set up and the .com -> .org move interfering it will end up being: www.mozilla.com -> www.mozilla.org -> itsatrap.org
(In reply to Gian-Carlo Pascutto (:gcp) from comment #6) > www.mozilla.com/firefox/its-a-trap.html -> www.itsatrap.org/foobar/... But what about the its-an-attack page? I cannot find any reference across open bugs about this page.
Its-an-attack should sit on the same domain as the other page, just like before. They just have to get away from mozilla.com/org.
Ok, thanks. So I would say we should mark this bug as wontfix. Given the new website and that a test also has to work manually we should base on it and not on mozqa.com.
Before I mark this WONTFIX I want to get clear consensus on what needs to be changed in our tests... www.mozilla.com/firefox/its-a-trap.html -> www.itsatrap.org/firefox/its-a-trap.html www.mozilla.com/firefox/its-an-attack.html -> www.itsatrap.org/firefox/its-an-attack.html Can someone please confirm?
Confirmed that this was the intention. CC web people to confirm they understood it the same way.
Gian-Carlo, mind re-checking comment 10 if those are present on itsatrap.org somewhere? I can't find both pages.
It is setup that way: www.mozilla.com/firefox/its-a-trap.html -> http://www.itisatrap.org/ www.mozilla.com/firefox/its-an-attack.html ->http://www.itisatrap.org/its-an-attack.html
Hrmm, that's not what was said in comment 10, and it might not work because of this: We need to mark "www.itsatrap.org" as a phishing site so you get a phishing warning there. Then, checking "http://www.itisatrap.org/its-an-attack.html" will also check "www.itsatrap.org" (required by the protocol) and find a *phishing* hit before we can get a *malware* hit. I don't know the code entirely by hearth but I think there's a real risk that this setup can't work. Even if it might work right now, it's going very much into a fine reading of the specification, or even implementation-defined behavior, which certainly wasn't the intention here... Rik, can you change the layout to what was suggested in comment 10? The /firefox/ part can go, but the page that tests "attacks" should not sit "below" (in URL-sense) the page that tests "phishing".
Blocks: 662046
Depends on: 906425
Is this bug still valid? I think there are way too many bugs open about the its-a-trap and itsatrap.org sites/pages and it is making this conversation way more difficult than it should be.
Summary: Port mozilla.org phishing pages to mozqa.com → Port mozilla.org phishing pages to quality.mozilla.org
(In reply to Chris More [:cmore] from comment #15) > Is this bug still valid? I think there are way too many bugs open about the > its-a-trap and itsatrap.org sites/pages and it is making this conversation > way more difficult than it should be. I don't know that we want to host this on QMO -- mozqa.com might be a better place for this. Anthony, do we still need to transition this somewhere?
>Is this bug still valid? I think there are way too many bugs open about the its-a-trap and itsatrap.org sites/pages and it is making this conversation way more difficult than it should be. I'm quite willing to summarize what needs to happen, but none of these bugs ever sees any movement. Comment 14 sat there for over a year (this is after it took a year to get the site made), and I made 906425 to celebrate it's anniversary. All the other itsatrap.org bugs are blocked on it. The old pages are hardcoded in the product, so transitioning away from them takes some precise steps: 1) Set up redirects from the old site to the new site (bug 880147) 2) Update the internal DB in Firefox and wait until all clients are updated (will take up to 52 weeks due to ESR) 3) Remove the old pages and redirects (bug 662046) Meanwhile, the delay in setting up that site has caused a number of additional bugs to spawn, including a whole bunch to deal with the mozilla.com -> org move, and now some new ones because a localization change to mozilla.org broke the original ones. Your comment that "there's too many bugs open about this" makes me want to cry. You commented in bug 662046 "I really just want them off of mozilla.org". That makes two of us, and I've been trying for over 2 years now. So, if you have any actual power to set up the webpages, look at comment 14 and bug 906425. If you don't, then good luck to you buddy!
Thanks for the summary and this clears things up quite a bit. I adjusted the title of bug 906425 so that people know it is a bug tracking other bugs to completion. I think it was the multiple bugs and the comments referencing other bugs that seemed like circular logic. Regardless of where these pages go, they need to get off of the php side of mozilla.org as that is all going away this year. Our new team took over technical management of mozilla.org 1 1/2 years ago and we are still paying off a lot of technical debt. The mozilla.com->.org change and php to python really put many projects on pause. We have to get off of the php side by the end of this calendar year for many reasons. When you say "new site" or "setting up that site", are you talking about itsatrap.org site or a new site all together? In your descriptions of the summary above in comment 17, you don't mention this bug 686731 specifically and how mozqa.com fits into the plan. Is the QA site the "new site" or is it the existing itsatrap.org? If itsatrap.org is the final intended website, shouldn't we close this bug? How about a vidyo session where we can get the right people on the call and get everyone on the same page? I can set that up.
Summary: Port mozilla.org phishing pages to quality.mozilla.org → Port mozilla.org phishing pages to mozqa.com
Personally I would suggest that we do not make use of mozqa.com here but use the already existent itisatrap.org (NOT itsatrap.org) domain. Reason is that mozqa.com exists mostly for QA related test cases and tools. But this specific feature is probably wider used.
(In reply to Henrik Skupin (:whimboo) from comment #19) > Personally I would suggest that we do not make use of mozqa.com here but use > the already existent itisatrap.org (NOT itsatrap.org) domain. Reason is that > mozqa.com exists mostly for QA related test cases and tools. But this > specific feature is probably wider used. Ok, so does everyone agree that the pages and fixes should be on itisatrap.org? Who owns itisatrap.org and the code https://github.com/mozilla/itisatrap ? Does the mozilla.org/Web Productions team own it even though it is not on bedrock or mozilla.org domain? Is there a better owner?
We are not going to move these pages to mozqa.com. They will stay on the domain http://itisatrap.org/.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → WONTFIX
Product: Mozilla QA → Mozilla QA Graveyard
You need to log in before you can comment on or make changes to this bug.