Re: Disappointed in changes to cookie management SM 1.1.18 vs. 2.0RC1

2009-10-11 Thread Benoit Renard 

D. K. Kraft wrote:

And no, I don't entirely agree with the FF devs that giving the user
robust management over cookies is necessarily a "feel good" option with
no real impact.


You are misrepresenting their position. They did not say that. They said 
the option didn't work as advertised, and that there is no way to have 
it work as advertised. Which is why it's a "feel good" option.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Disappointed in changes to cookie management SM 1.1.18 vs. 2.0RC1

2009-10-10 Thread D. K. Kraft 

With patience akin to a cat's, Jens Hatlak, on 10/10/2009 12:45 AM typed:

On 10/10/2009 3:57 AM NoOp wrote:

Perhaps you are referring to the missing 'Allow cookies based on privacy
settings' that was available in 1.1.x?

No idea why it was removed, but seems consistent with the Firefox 3.x UI
and code.


AFAICS the two comments starting at
 summarize best
what the developer's view on that is. Please note that the SeaMonkey
developers had no influence on that decision, it was made before SM
started using Toolkit. Thus what made the difference for SM was the
general switch to Toolkit. The main reason for that was that the old
code (XPFE) was basically unmaintained AFAIK. As time went by the
probability of fixes (even concerning security) for that would have
declined up to a point where we would have just been left vulnerable.
Like it or not, the SM developers do not have the resources to maintain
that old backend so there really was no alternative.

The above is meant as an explanation, not a justification. I don't know
enough about cookie specifics to decide whether the two bug comments are
right or not.

HTH

Jens



Yeah, I was afraid this might be the case, that because the FF devs took a
certain stance on third-party cookies, SM 2.0 is now stuck with whatever options
they decided due to the switch to Toolkit.  And no, I don't entirely agree with
the FF devs that giving the user robust management over cookies is necessarily a
"feel good" option with no real impact.

Doesn't make me any less disappointed.  And don't get me started on tabbed mail.
(shudder)  I realize that SM is a volunteer effort, and I wish I had coding
skills to contribute, but sometimes the directions chosen for the Prawn aren't
pleasing--especially when so much now seems to depend on what the FF devs
decide.

C'est la vie--
--
 /\ /\   | "No. Heaven will not ever Heaven be
 ^o o^D.K. "Cat" Kraft   |  unless my cats are there to welcome
 ->T<-   |  me."
   ~  Lynnwood, WA   |   -- Epitaph on a pet
___oOO___OOo___  |  cemetery gravestone

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Disappointed in changes to cookie management SM 1.1.18 vs. 2.0RC1

2009-10-10 Thread D. K. Kraft 

With patience akin to a cat's, Hartmut Figge, on 10/9/2009 11:48 PM typed:

D. K. Kraft:

With patience akin to a cat's, NoOp, on 10/9/2009 6:57 PM typed:

On 10/09/2009 06:17 PM, D. K. Kraft wrote:


I've searched Bugzilla, but have been unable to find a specific bug
regarding this UI option.  If anyone can point me in the right
direction, I would appreciate it, since I would like to vote and add
my comments regarding this security setting.

Nor could I using
https://bugzilla.mozilla.org/buglist.cgi?quicksearch=cookie+manager
So file a bug & see what turns up.

Guess I'll have to make that leap soon.  I was waiting to see if there would be
more detailed feedback of the technical kind.


https://bugzilla.mozilla.org/show_bug.cgi?id=362908

Hartmut


Thanks.  This is actually a bug that was marked as a duplicate of two others,
but following the links back to the originating bug gave some technical info
that essentially explained the FF devs standpoint on things.  And since SM 2.0
is stuck with toolkit, now, I guess users will be stuck with the FF options as
well.

Kind of a bummer --
--
 /\ /\   | "No. Heaven will not ever Heaven be
 ^o o^D.K. "Cat" Kraft   |  unless my cats are there to welcome
 ->T<-   |  me."
   ~  Lynnwood, WA   |   -- Epitaph on a pet
___oOO___OOo___  |  cemetery gravestone
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Disappointed in changes to cookie management SM 1.1.18 vs. 2.0RC1

2009-10-10 Thread Jens Hatlak 

On 10/10/2009 3:57 AM NoOp wrote:

Perhaps you are referring to the missing 'Allow cookies based on privacy
settings' that was available in 1.1.x?

No idea why it was removed, but seems consistent with the Firefox 3.x UI
and code.


AFAICS the two comments starting at 
 summarize best 
what the developer's view on that is. Please note that the SeaMonkey 
developers had no influence on that decision, it was made before SM 
started using Toolkit. Thus what made the difference for SM was the 
general switch to Toolkit. The main reason for that was that the old 
code (XPFE) was basically unmaintained AFAIK. As time went by the 
probability of fixes (even concerning security) for that would have 
declined up to a point where we would have just been left vulnerable. 
Like it or not, the SM developers do not have the resources to maintain 
that old backend so there really was no alternative.


The above is meant as an explanation, not a justification. I don't know 
enough about cookie specifics to decide whether the two bug comments are 
right or not.


HTH

Jens

--
Jens Hatlak 
SeaMonkey Trunk Tracker 
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Disappointed in changes to cookie management SM 1.1.18 vs. 2.0RC1

2009-10-09 Thread Hartmut Figge 
D. K. Kraft:
>With patience akin to a cat's, NoOp, on 10/9/2009 6:57 PM typed:
>> On 10/09/2009 06:17 PM, D. K. Kraft wrote:


>>> I've searched Bugzilla, but have been unable to find a specific bug
>>> regarding this UI option.  If anyone can point me in the right
>>> direction, I would appreciate it, since I would like to vote and add
>>> my comments regarding this security setting.
>> 
>> Nor could I using
>> https://bugzilla.mozilla.org/buglist.cgi?quicksearch=cookie+manager
>> So file a bug & see what turns up.
>
>Guess I'll have to make that leap soon.  I was waiting to see if there would be
>more detailed feedback of the technical kind.

https://bugzilla.mozilla.org/show_bug.cgi?id=362908

Hartmut
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Disappointed in changes to cookie management SM 1.1.18 vs. 2.0RC1

2009-10-09 Thread D. K. Kraft 

With patience akin to a cat's, NoOp, on 10/9/2009 6:57 PM typed:

On 10/09/2009 06:17 PM, D. K. Kraft wrote:

From a security standpoint, and IMO, cookie management in SM 2.0RC1
has been markedly downgraded from the level available in 1.1.18.  In
the latter, a user is able to set options for both first- and
third-party cookies, as well as specifics regarding website privacy
policies for both types of cookies. SM 2.0RC1 completely removes the
the ability to configure cookie management based on privacy options,
leaving a user with only the option of allowing all cookies, which is
unacceptable for those who wish to reject third-party cookies, or
only allowing cookies from the originating website, a blanket option
that is often too severe a restriction on some websites for which
allowing session third-party cookies of certain types is helpful and
acceptable.


Perhaps you are referring to the missing 'Allow cookies based on privacy
settings' that was available in 1.1.x?


Exactly.  Apologies if that wasn't clear.  I probably should have listed
the setting option title specifically.


No idea why it was removed, but seems consistent with the Firefox 3.x UI
and code.


Erm, and this is why I find Firefox unusable from a security standpoint where
cookies are concerned.  FF's cookie management has been dumbed down from its
early inception.  If SM will be truly inheriting this lobotomy due to the
backend change (if that is the definitive cause), it will be very unfortunate
and very frustrating.




I've searched Bugzilla, but have been unable to find a specific bug
regarding this UI option.  If anyone can point me in the right
direction, I would appreciate it, since I would like to vote and add
my comments regarding this security setting.


Nor could I using
https://bugzilla.mozilla.org/buglist.cgi?quicksearch=cookie+manager
So file a bug & see what turns up.


Guess I'll have to make that leap soon.  I was waiting to see if there would be
more detailed feedback of the technical kind.

Thanks for the input --
--
 /\ /\   | "No. Heaven will not ever Heaven be
 ^o o^D.K. "Cat" Kraft   |  unless my cats are there to welcome
 ->T<-   |  me."
   ~  Lynnwood, WA   |   -- Epitaph on a pet
___oOO___OOo___  |  cemetery gravestone

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Disappointed in changes to cookie management SM 1.1.18 vs. 2.0RC1

2009-10-09 Thread Paul B. Gallagher 

D. K. Kraft wrote:


From a security standpoint, and IMO, cookie management in SM 2.0RC1
has been markedly downgraded from the level available in 1.1.18.  In
the latter, a user is able to set options for both first- and
third-party cookies, as well as specifics regarding website privacy
policies for both types of cookies. SM 2.0RC1 completely removes the
the ability to configure cookie management based on privacy options,
leaving a user with only the option of allowing all cookies, which is
unacceptable for those who wish to reject third-party cookies, or
only allowing cookies from the originating website, a blanket option
 that is often too severe a restriction on some websites for which
allowing session third-party cookies of certain types is helpful and
acceptable.

I realize the move to the new backend for 2.0 has necessitated many 
alterations, but I fail to see the benefit in removing a robust

security option from the browser.  Surely this option was not limited
to the backend of 1.1.18; most of the options available in 2.0's UI
are either identical to 1.1.18 or so similar as to be nearly
identical.  I'm baffled as to why this option was removed or not 
ported over to 2.0.  From my POV, SM 2.0 will be unusable (as is 
Firefox, IMO and for the same reason) without the restoration of

cookie management as it stands in SM 1.1.18.

I've searched Bugzilla, but have been unable to find a specific bug 
regarding this UI option.  If anyone can point me in the right

direction, I would appreciate it, since I would like to vote and add
my comments regarding this security setting.

TIA for any replies --


Agree wholeheartedly. The Cookie Manager is a major selling point for 
me, and I brag about it to my non-Mozillan friends. I can't imagine why 
the developers took something we've been doing right and sabotaged it.


--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Disappointed in changes to cookie management SM 1.1.18 vs. 2.0RC1

2009-10-09 Thread NoOp 
On 10/09/2009 06:17 PM, D. K. Kraft wrote:
> From a security standpoint, and IMO, cookie management in SM 2.0RC1
> has been markedly downgraded from the level available in 1.1.18.  In
> the latter, a user is able to set options for both first- and
> third-party cookies, as well as specifics regarding website privacy
> policies for both types of cookies. SM 2.0RC1 completely removes the
> the ability to configure cookie management based on privacy options,
> leaving a user with only the option of allowing all cookies, which is
> unacceptable for those who wish to reject third-party cookies, or
> only allowing cookies from the originating website, a blanket option
> that is often too severe a restriction on some websites for which
> allowing session third-party cookies of certain types is helpful and
> acceptable.

Perhaps you are referring to the missing 'Allow cookies based on privacy
settings' that was available in 1.1.x?

No idea why it was removed, but seems consistent with the Firefox 3.x UI
and code.

> 
> I realize the move to the new backend for 2.0 has necessitated many
> alterations, but I fail to see the benefit in removing a robust
> security option from the browser.  Surely this option was not limited
> to the backend of 1.1.18; most of the options available in 2.0's UI
> are either identical to 1.1.18 or so similar as to be nearly
> identical.  I'm baffled as to why this option was removed or not 
> ported over to 2.0.  From my POV, SM 2.0 will be unusable (as is
> Firefox, IMO and for the same reason) without the restoration of
> cookie management as it stands in SM 1.1.18.
> 
> I've searched Bugzilla, but have been unable to find a specific bug
> regarding this UI option.  If anyone can point me in the right
> direction, I would appreciate it, since I would like to vote and add
> my comments regarding this security setting.

Nor could I using
https://bugzilla.mozilla.org/buglist.cgi?quicksearch=cookie+manager
So file a bug & see what turns up.


> 
> TIA for any replies --

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Disappointed in changes to cookie management SM 1.1.18 vs. 2.0RC1

2009-10-09 Thread D. K. Kraft 

From a security standpoint, and IMO, cookie management in SM 2.0RC1 has been
markedly downgraded from the level available in 1.1.18.  In the latter, a user
is able to set options for both first- and third-party cookies, as well as
specifics regarding website privacy policies for both types of cookies.
SM 2.0RC1 completely removes the the ability to configure cookie management
based on privacy options, leaving a user with only the option of allowing all
cookies, which is unacceptable for those who wish to reject third-party cookies,
or only allowing cookies from the originating website, a blanket option that is
often too severe a restriction on some websites for which allowing session
third-party cookies of certain types is helpful and acceptable.

I realize the move to the new backend for 2.0 has necessitated many alterations,
but I fail to see the benefit in removing a robust security option from the
browser.  Surely this option was not limited to the backend of 1.1.18; most of
the options available in 2.0's UI are either identical to 1.1.18 or so similar
as to be nearly identical.  I'm baffled as to why this option was removed or not
ported over to 2.0.  From my POV, SM 2.0 will be unusable (as is Firefox, IMO
and for the same reason) without the restoration of cookie management as it
stands in SM 1.1.18.

I've searched Bugzilla, but have been unable to find a specific bug regarding
this UI option.  If anyone can point me in the right direction, I would
appreciate it, since I would like to vote and add my comments regarding this
security setting.

TIA for any replies --
--
 /\ /\   | "No, Heaven will not ever Heaven be
 ^o o^D.K. "Cat" Kraft   |  unless my cats are there to welcome
 ->T<-   |  me."
   ~  Lynnwood, WA   |   -- Epitaph on a pet
___oOO___OOo___  |  cemetery gravestone
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey