Closed Bug 861101 Opened 8 years ago Closed 8 years ago

Stop adding getpersonas.com to the xpinstall whitelist

Categories

(Firefox :: General, defect)

defect
Not set
normal

Tracking

()

RESOLVED FIXED
Firefox 25

People

(Reporter: dao, Assigned: dao)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Attached patch patchSplinter Review
getpersonas.com is retired and redirects to addons.mozilla.org.
Attachment #736720 - Flags: review?(bmcbride)
Comment on attachment 736720 [details] [diff] [review]
patch

Review of attachment 736720 [details] [diff] [review]:
-----------------------------------------------------------------

::: browser/app/profile/firefox.js
@@ -203,5 @@
>  pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
>  pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
>  
>  pref("xpinstall.whitelist.add", "addons.mozilla.org");
> -pref("xpinstall.whitelist.add.36", "getpersonas.com");

This will only make it so new profiles (or those that haven't been used with Firefox 3.6 or newer) won't get getpersonas.com added to the whitelist. Existing profiles will continue to have it in the permissions database as allowing installs.

Unfortunately, we don't currently have a way to remote entries from the permissions manager (I'm not sure we've ever removed anything from this before). Filed bug 861115 for that.

So, as a stop-gap, we should also add getpersonas.com to the blacklist (xpinstall.blacklist.add.<version>), just to be safe - since we can't guarantee Mozilla will hold onto that domain indefinitely (seems reasonable to let it expire eventually).

We try to have the version represent the earliest version that had it added - and I assume we'll want to backport this to Beta (see bug 744355 comment 2 for the last time we did that dance).
Attachment #736720 - Flags: review?(bmcbride) → review-
(In reply to Blair McBride [:Unfocused] (Back from the dead. Mostly.) from comment > So, as a stop-gap, we should also add getpersonas.com to the blacklist
> (xpinstall.blacklist.add.<version>), just to be safe - since we can't
> guarantee Mozilla will hold onto that domain indefinitely (seems reasonable
> to let it expire eventually).

I don't expect we'll ever let the domain expire (domains are relatively cheap). So while it might make sense to do as you say and add it to the blacklist, I don't think it needs to block this patch.
Summary: Remove getpersonas.com from the xpinstall whitelist → Stop adding getpersonas.com to the xpinstall whitelist
Attachment #736720 - Flags: review- → review?(bmcbride)
Comment on attachment 736720 [details] [diff] [review]
patch

Review of attachment 736720 [details] [diff] [review]:
-----------------------------------------------------------------

Could you at least file a followup bug for this, dependant on bug 861115?
Attachment #736720 - Flags: review?(bmcbride) → review+
Blocks: 892494
Blocks: 892881
https://hg.mozilla.org/mozilla-central/rev/fd31bf6cc779
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 25
Blocks: 893403
You need to log in before you can comment on or make changes to this bug.