On 05/09/11 21:09, Erinn Clark wrote: > * cgp3cg <[email protected]> [2011:09:05 16:19 +1000]: >> Hi, >> >> Just downloaded TBB 2.2.32 for Linux >> (tor-browser-gnu-linux-i686-2.2.32-3-dev-en-US.tar.gz) and was surprised >> to find FF set to automatically check for and download updates. This >> seems like a significant change, and I can't find a record in my >> archives, nor in a quick scan through the changelog. >> >> Was this deliberate and did I miss something? > > No, this is not deliberate and must be a bug. The prefs.js we ship has: > > user_pref("app.update.auto", false); > user_pref("app.update.enabled", false); > > https://gitweb.torproject.org/torbrowser.git/blob/maint-2.2:/build-scripts/config/no-polipo-4.0.js > > We enabled addon updates because we believe it is safer, but that is a > different setting. I see in my own TBB that app.update.auto has been set to > true, but I certainly didn't make it that way either as a user or developer. > > Thanks for noticing, I'm going to add fixing this to our next update > (September > 10th).
Thanks Erinn, I've also discovered that with this version FF defaults to saving passwords, and that there a 4 CA certificates present for DigiNotar and 2 for DigiNotar B.V. The first isn't a huge issue, but according to the changelog for 2.2.32-2: * Update Firefox to 6.0.1, with an additional patch to exclude DigiNotar completely I've also had a quick poke at a few older versions (the only ones I have handy): - 2.2.25 (FF 4.0.1) - 1.1.3 (FF 3.6.13) and both only show 1 CA cert for DigiNotar. Stock standard FF 6.0 also only had one, and it's now gone completely from 6.0.1 ... so why the presence of four in TBB? Thanks -C _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
