Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package greasemonkey.

Version 2.2-2 fixes #771110 -- xul-ext-greasemonkey: privacy breach: 
phones home after first installation.

xul-ext-greasemonkey contains the Greasemonkey mozilla addon. The 
addon code loads 
http://www.greasespot.net/p/welcome.html?utm_source=xpi&utm_medium=xpi&utm_campaign=welcome&utm_content=2.2
 
the first time the browser is started with the addon installed and 
this is a privacy breach.

The information on the page is useful, but it is also available from the 
toolbar button menu, and that toolbar button is added automatically, so there 
is no usability regression.

The patch just removes the code that loads that page. I have installed 
the resulting package with a new browser profile and there is no home 
phone call. No ill effects either -- the "submit statistics" question 
is asked as usual, the toolbar button is added to the toolbar.

Attached is the quilt patch that is added, as well as the full debdiff 
against version 2.2-1 currently in Jessie.

unblock greasemonkey/2.2-2


Thanks,
    dam

-- System Information:
Debian Release: jessie/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=bg_BG.UTF-8, LC_CTYPE=bg_BG.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Description: stop calling greasespot.net on first run after installation
 "Calling home" is a privacy breach, despite being annoying
 The information on the welcome page is already available in the menu
 provided by the toolbar button (automaticly installed)
Author: Damyan Ivanov <d...@debian.org>
Forwarded: not-needed
Bug-Debian: https://bugs.debian.org/771110

--- a/content/config.js
+++ b/content/config.js
@@ -276,20 +276,6 @@ Config.prototype._updateVersion = functi
 
     // Update the stored current version so we don't do this work again.
     GM_prefRoot.setValue("version", newVersion);
-
-    if ("0.0" == oldVersion) {
-      // This is the first launch.  Show the welcome screen.
-      var chromeWin = GM_util.getBrowserWindow();
-      // If we found it, use it to open a welcome tab.
-      if (chromeWin && chromeWin.gBrowser) {
-        var url = 'http://www.greasespot.net/p/welcome.html'
-            + '?utm_source=xpi&utm_medium=xpi&utm_campaign=welcome'
-            + '&utm_content=' + newVersion;
-        // the setTimeout makes sure we do not execute too early -- sometimes
-        // the window isn't quite ready to add a tab yet
-        chromeWin.setTimeout(chromeWin.GM_BrowserUI.openTab, 100, url);
-      }
-    }
   }));
 };
 
diff -Nru greasemonkey-2.2/debian/changelog greasemonkey-2.2/debian/changelog
--- greasemonkey-2.2/debian/changelog	2014-09-17 23:17:55.000000000 +0300
+++ greasemonkey-2.2/debian/changelog	2014-11-28 00:04:51.000000000 +0200
@@ -1,3 +1,15 @@
+greasemonkey (2.2-2) unstable; urgency=medium
+
+  * Team upload
+
+  * patch content/config.js to stop calling home on first run
+    (Closes: #771110)
+    Loading an external page upon first run is a privacy breach. The
+    information on the "welcome" page is also available in the menu of the
+    toolbar button which is installed automatically.
+
+ -- Damyan Ivanov <d...@debian.org>  Thu, 27 Nov 2014 22:02:45 +0000
+
 greasemonkey (2.2-1) unstable; urgency=medium
 
   * Team upload, to unstable
diff -Nru greasemonkey-2.2/debian/patches/series greasemonkey-2.2/debian/patches/series
--- greasemonkey-2.2/debian/patches/series	1970-01-01 02:00:00.000000000 +0200
+++ greasemonkey-2.2/debian/patches/series	2014-11-27 23:45:52.000000000 +0200
@@ -0,0 +1 @@
+stop-calling-home.patch
diff -Nru greasemonkey-2.2/debian/patches/stop-calling-home.patch greasemonkey-2.2/debian/patches/stop-calling-home.patch
--- greasemonkey-2.2/debian/patches/stop-calling-home.patch	1970-01-01 02:00:00.000000000 +0200
+++ greasemonkey-2.2/debian/patches/stop-calling-home.patch	2014-11-27 23:49:09.000000000 +0200
@@ -0,0 +1,31 @@
+Description: stop calling greasespot.net on first run after installation
+ "Calling home" is a privacy breach, despite being annoying
+ The information on the welcome page is already available in the menu
+ provided by the toolbar button (automaticly installed)
+Author: Damyan Ivanov <d...@debian.org>
+Forwarded: not-needed
+Bug-Debian: https://bugs.debian.org/771110
+
+--- a/content/config.js
++++ b/content/config.js
+@@ -276,20 +276,6 @@ Config.prototype._updateVersion = functi
+ 
+     // Update the stored current version so we don't do this work again.
+     GM_prefRoot.setValue("version", newVersion);
+-
+-    if ("0.0" == oldVersion) {
+-      // This is the first launch.  Show the welcome screen.
+-      var chromeWin = GM_util.getBrowserWindow();
+-      // If we found it, use it to open a welcome tab.
+-      if (chromeWin && chromeWin.gBrowser) {
+-        var url = 'http://www.greasespot.net/p/welcome.html'
+-            + '?utm_source=xpi&utm_medium=xpi&utm_campaign=welcome'
+-            + '&utm_content=' + newVersion;
+-        // the setTimeout makes sure we do not execute too early -- sometimes
+-        // the window isn't quite ready to add a tab yet
+-        chromeWin.setTimeout(chromeWin.GM_BrowserUI.openTab, 100, url);
+-      }
+-    }
+   }));
+ };
+ 
_______________________________________________
Pkg-mozext-maintainers mailing list
Pkg-mozext-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers

Reply via email to