On Wed, Jan 14, 2015 at 10:41 AM, Ehsan Akhgari <[email protected]> wrote:
> On 2015-01-14 6:29 AM, Gijs Kruitbosch wrote: > >> Ehm, I'm pretty sure we will check for updates on release by default. >> Less sure about FHR and crashreporter, but I was under the impression >> both were opt-out. >> > > FHR is opt out: <https://dxr.mozilla.org/mozilla-central/source/ > services/healthreport/healthreport-prefs.js#21> > > Crash reporter is controlled by a build time option < > https://dxr.mozilla.org/mozilla-central/source/configure.in#6063> that is > on by default. > > Un Virumbi, naive question: would you really want to include the update >> ping in disabling this? (ie no longer getting automated updates) >> Seems to me like its privacy issues (which are very small) shouldn't >> outweigh the risk of running a version with known security issues. >> > > Well, to be fair, there is no right choice when choosing between privacy > and security. It would be nice if we ensure that update pings do not have > any potential privacy issues associated with them so that users who feel > they need to take action against this type of issue do not have to disable > updates. The app update ping only contains data that is needed to serve the right update for the system. Example from my system: AUS:SVC Checker:checkForUpdates - sending request to: https://aus4.mozilla.org/update/3/Firefox/38.0a1/20150113030205/WINNT_x86-msvc/en-US/nightly/Windows_NT%206.3.0.0%20(x64)/default/default/update.xml?force=1 The values of 'default' are for partner builds to differentiate them from our builds. Cheers, Robert _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
