Hi, Alan wrote (26 Apr 2013 16:39:31 GMT) : > I read the commit log and its diff. Everything seems me fine, but one > thing: the TOR_SOCKS_PORT set in /etc/environment by commit 6a2de87. It > seems me dangerous to set the socks port meant for the web browser only > (for stream isolation) as a global environment variable with such a > general name.
Nice catch. I agree: if some random piece of software took these envvars into account, then it would partially defeat our stream isolation design. > In addition to that, next commit (6629701) reads: > [...] > So I wonder if the previous commit setting environment is actually > useful. Nice catch too. But yes, the envvars are needed: I've built an ISO from experimental with 6a2de870 reverted => iceweasel starts in "Tor disabled" mode, so I'm afraid we have to set the envvars. > It it is, I would prefer to set these environment variables set > for iceweasel only, e.g. in the wrapper that we would probably create > anyway to solve https://tails.boum.org/todo/dont_autostart_iceweasel/. Agreed. I'm creating todo/dont_set_torbutton_environment_variables_globally so that this is not forgotten. IMHO this is not a blocker, especially since the branch was merged already (before you commented on it), and since the freeze is close. I guess the next release manager, when reviewing each open ticket, will find that one, and once todo/dont_autostart_iceweasel is implemented, they'll gather it's now trivial to move the envvars to the right place and just do it. Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc _______________________________________________ tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev
