GNU bug report logs - #38087
IceCat: HTTPS Every-where becomes HTTPS No-where :-P

Previous Next

Package: guix;

Reported by: Raghav Gururajan <raghavgururajan <at> disroot.org>

Date: Wed, 6 Nov 2019 11:37:01 UTC

Severity: normal

Done: Mark H Weaver <mhw <at> netris.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 38087 in the body.
You can then email your comments to 38087 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#38087; Package guix. (Wed, 06 Nov 2019 11:37:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Raghav Gururajan <raghavgururajan <at> disroot.org>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Wed, 06 Nov 2019 11:37:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Raghav Gururajan <raghavgururajan <at> disroot.org>
To: bug-guix <at> gnu.org, bug-gnuzilla <at> gnu.org
Subject: IceCat: HTTPS Every-where becomes HTTPS No-where :-P
Date: Wed, 06 Nov 2019 06:35:55 -0500

[Message part 1 (text/plain, inline)]
Hello Guix and GNUzilla!

P.S. Mark, please don't feel pressured. I am just sumbmitting the issue
for awareness and tracking. :-)

I was using 'HTTPS Everywhere' add-on, with enabled https-only rule.

After v68 upgrade, the icon disappears from the tool bar and https-only 
rule was not in effect as the browser connects to http sites without
warning. But the thing is, under 'extensions' of browser settings, the
add-on is there and shows as enabled. Then when I disable and re-enable 
the add-on, the icon appears and https-only rule becomes in effect.
Everytime I restart the browser, the above situation happens all over
again.

Regards,
RG.

[signature.asc (application/pgp-signature, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#38087; Package guix. (Wed, 06 Nov 2019 18:32:02 GMT) Full text and rfc822 format available.

Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Raghav Gururajan <raghavgururajan <at> disroot.org>
To: Mark H Weaver <mhw <at> netris.org>
Cc: bug-guix <at> gnu.org, bug-gnuzilla <at> gnu.org
Subject: Re: IceCat: HTTPS Every-where becomes HTTPS No-where :-P
Date: Wed, 06 Nov 2019 13:31:07 -0500

[Message part 1 (text/plain, inline)]
> Obviously these are very severe problems, and I will look into them
> as
> soon as I can.

Would it be better to reverse the version just before 68?

I remember you mentioned something about security fix in the 68
release; may be for now, it would be better to use the older version
with only the security patch from v68?

Regards,
RG.

[signature.asc (application/pgp-signature, inline)]
Information forwarded to bug-guix <at> gnu.org:
bug#38087; Package guix. (Thu, 07 Nov 2019 02:56:01 GMT) Full text and rfc822 format available.

Message #11 received at 38087 <at> debbugs.gnu.org (full text, mbox):

From: Mark H Weaver <mhw <at> netris.org>
To: Raghav Gururajan <raghavgururajan <at> disroot.org>
Cc: 38087 <at> debbugs.gnu.org
Subject: Re: IceCat: HTTPS Every-where becomes HTTPS No-where :-P
Date: Wed, 06 Nov 2019 21:54:04 -0500

Hi Raghav,

> P.S. Mark, please don't feel pressured. I am just sumbmitting the issue
> for awareness and tracking. :-)

I appreciate these reports, thank you!

> I was using 'HTTPS Everywhere' add-on, with enabled https-only rule.
> 
> After v68 upgrade, the icon disappears from the tool bar and https-only
> rule was not in effect as the browser connects to http sites without
> warning. But the thing is, under 'extensions' of browser settings, the
> add-on is there and shows as enabled. Then when I disable and re-enable
> the add-on, the icon appears and https-only rule becomes in effect.
> Everytime I restart the browser, the above situation happens all over
> again.

Thank you for this.  There are definitely some problems with extensions
in the unofficial IceCat preview.  I've also noticed behavior that's
consistent with what you've described above, and not only with HTTPS
Everywhere.  At one point I noticed that although I had LibreJS
installed and enabled, its icon was no longer visible in the navigation
bar, and nonfree JavaScript was being run.

Obviously these are very severe problems, and I will look into them as
soon as I can.  Unfortunately, due to other urgent matters occupying my
attention, it will be at least a week, and possibly two, before I can
investigate.

If anyone is able to investigate these issues in the meantime, I would
be grateful.  Proposed fixes would of course be ideal, but sharing any
observations or proposals that might move the process along would be
most welcome.

      Thanks,
        Mark
Information forwarded to bug-guix <at> gnu.org:
bug#38087; Package guix. (Thu, 07 Nov 2019 03:08:01 GMT) Full text and rfc822 format available.

Message #14 received at 38087 <at> debbugs.gnu.org (full text, mbox):

From: Mark H Weaver <mhw <at> netris.org>
To: Raghav Gururajan <raghavgururajan <at> disroot.org>
Cc: 38087 <at> debbugs.gnu.org, bug-gnuzilla <at> gnu.org
Subject: Re: IceCat: HTTPS Every-where becomes HTTPS No-where :-P
Date: Wed, 06 Nov 2019 22:06:18 -0500

Hi Raghav,

Raghav Gururajan <raghavgururajan <at> disroot.org> wrote:
> Would it be better to reverse the version just before 68?
>
> I remember you mentioned something about security fix in the 68
> release; may be for now, it would be better to use the older version
> with only the security patch from v68?

It's not feasible for us to do this, because the underlying code has
changed too much between versions 60.x and 68.x.

Also, I just noticed that you cross-posted this bug report to both
bug-gnuzilla and bug-guix.  Please do not cross-post.  In this case, the
bug is not specific to Guix, so I will close the Guix bug.  Follow-ups
on this bug should go to <bug-gnuzilla <at> gnu.org> only.

      Thanks,
        Mark
bug closed, send any further explanations to 38087 <at> debbugs.gnu.org and Raghav Gururajan <raghavgururajan <at> disroot.org> Request was from Mark H Weaver <mhw <at> netris.org> to control <at> debbugs.gnu.org. (Thu, 07 Nov 2019 03:09:04 GMT) Full text and rfc822 format available.
Information forwarded to bug-guix <at> gnu.org:
bug#38087; Package guix. (Sat, 09 Nov 2019 09:51:01 GMT) Full text and rfc822 format available.

Message #19 received at 38087 <at> debbugs.gnu.org (full text, mbox):

From: Raghav Gururajan <raghavgururajan <at> disroot.org>
To: Mark H Weaver <mhw <at> netris.org>
Cc: 38087 <at> debbugs.gnu.org, bug-gnuzilla <at> gnu.org
Subject: Re: IceCat: HTTPS Every-where becomes HTTPS No-where :-P
Date: Sat, 09 Nov 2019 04:50:09 -0500

[Message part 1 (text/plain, inline)]
> It's not feasible for us to do this, because the underlying code has
> changed too much between versions 60.x and 68.x.

I undderstand. Would it be possible to keep the old version available
along sise new version? User can use either or both versions, using
profiles.

> Also, I just noticed that you cross-posted this bug report to both
> bug-gnuzilla and bug-guix.  Please do not cross-post.  In this case,
> the
> bug is not specific to Guix, so I will close the Guix bug.  Follow-
> ups
> on this bug should go to <bug-gnuzilla <at> gnu.org> only.

OOPS! My bad.

Regards,
RG.

[signature.asc (application/pgp-signature, inline)]
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Sat, 07 Dec 2019 12:24:06 GMT) Full text and rfc822 format available.
This bug report was last modified 4 years and 141 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.