Bug#172436: [PROPOSAL] web browser url viewing

2008-04-27 Thread Russ Allbery
Raphael Hertzog [EMAIL PROTECTED] writes:
> On Tue, 04 Mar 2008, Russ Allbery wrote:
>
>> I have gotten no further feedback on this proposal other than Clint's
>> note that he finds this better-specified than the original ESR BROWSER
>> specification, but hesitates to comment further since he doesn't use
>> it.  I would like to resolve this bug for the next Policy release, but
>> I don't want to just commit patches on my own say-so.
>
> I'm not sure this change is still needed. While it might be good to have
> such a mechanism for some non-graphical programs, it probably makes most
> of Gnome programs buggy since they have their own method of browser
> selection (based on xdg-open AFAIK) and I'm not sure that they would
> conform to this specification.
>
> Thus I would rather NACK this policy change.

I think the point about GNOME is very well-taken.  However, I wonder if we
should change the wording that we're using to handle that case rather than
not making the change at all.  I'm not sure that the change is necessary,
in that it seems like most packages affected have already made the
relevant changes, but there are still some issues that are addressed by
this change:

* sensible-browser is currently undocumented, but sensible-editor and
  sensible-pager are documented in Policy.  It would be nice to document
  all of them.

* Policy should probably document the x-www-browser and www-browser
  alternatives for interoperability.  Right now, maintainers of browsers
  have to just know about them.

* There are various different ways in which BROWSER can be implemented,
  and it would be nice to tell Debian users *somewhere* what
  implementation they can expect.

All of those would be addressed by incorporating some version of this
change.  Maybe we should just back off on honoring BROWSER in the face of
more explicit configuration?  For example, we could say that BROWSER and
(x-)www-browser should only be used if the package doesn't use a desktop
environment that provides a mechanism for opening a document in a
preferred browser.

I can try to come up with revised wording if people think this is worth
pursuing.

-- 
Russ Allbery ([EMAIL PROTECTED])   http://www.eyrie.org/~eagle/



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#172436: [PROPOSAL] web browser url viewing

2008-03-05 Thread Raphael Hertzog
On Tue, 04 Mar 2008, Russ Allbery wrote:
> Russ Allbery [EMAIL PROTECTED] writes:
>
>> Here is a patch based heavily on Joey's original patch that describes
>> that.  This patch (similar to Joey's) doesn't include the URL
>> canonicalization requirements of the secure BROWSER specification.  They
>> don't seem obviously necessary to me and are complex and would add a lot
>> of additional wording to explain how to canonicalize URLs.
>>
>> Comments?  Seconds?
>
> I have gotten no further feedback on this proposal other than Clint's note
> that he finds this better-specified than the original ESR BROWSER
> specification, but hesitates to comment further since he doesn't use it.
> I would like to resolve this bug for the next Policy release, but I don't
> want to just commit patches on my own say-so.

I'm not sure this change is still needed. While it might be good to have
such a mechanism for some non-graphical programs, it probably makes most
of Gnome programs buggy since they have their own method of browser
selection (based on xdg-open AFAIK) and I'm not sure that they would
conform to this specification.

Thus I would rather NACK this policy change.

Cheers,
-- 
Raphaël Hertzog

The French best-seller updated for Debian Etch:
http://www.ouaza.com/livre/admin-debian/




Bug#172436: [PROPOSAL] web browser url viewing

2008-03-04 Thread Russ Allbery
Russ Allbery [EMAIL PROTECTED] writes:

> Here is a patch based heavily on Joey's original patch that describes
> that.  This patch (similar to Joey's) doesn't include the URL
> canonicalization requirements of the secure BROWSER specification.  They
> don't seem obviously necessary to me and are complex and would add a lot
> of additional wording to explain how to canonicalize URLs.
>
> Comments?  Seconds?

I have gotten no further feedback on this proposal other than Clint's note
that he finds this better-specified than the original ESR BROWSER
specification, but hesitates to comment further since he doesn't use it.
I would like to resolve this bug for the next Policy release, but I don't
want to just commit patches on my own say-so.

Could those reading the Policy list please review the patch at:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=172436#154

and either second or point out problems so that we can resolve this and
close this bug?

Thanks!

-- 
Russ Allbery ([EMAIL PROTECTED])   http://www.eyrie.org/~eagle/






Bug#172436: [PROPOSAL] web browser url viewing

2008-01-02 Thread Clint Adams
On Tue, Jan 01, 2008 at 09:08:30PM -0800, Russ Allbery wrote:
> Here is a patch based heavily on Joey's original patch that describes
> that.  This patch (similar to Joey's) doesn't include the URL
> canonicalization requirements of the secure BROWSER specification.  They
> don't seem obviously necessary to me and are complex and would add a lot
> of additional wording to explain how to canonicalize URLs.
>
> Comments?  Seconds?

Solely for being better specified, I think either this or the
Compatible definition is preferable to the ESR original. I
never use BROWSER myself, so I'm hesitant to weigh in on the
other aspects.






Bug#172436: [PROPOSAL] web browser url viewing

2008-01-01 Thread Russ Allbery
The BROWSER environment variable proposal is another wording proposal
that's been sitting in the Policy bug queue for quite some time with
plenty of seconds and a concrete wording proposal.  I'd like to resurrect
this discussion and put it permanently to rest one way or the other.

Copying Joey as the original proposer and Clint just in case you're not
following debian-policy at the moment, since the outcome of this
discussion may affect sensible-browser in debianutils and the resolution
of Bug#289745.

After reading through the bug log and reading some of the discussion of
BROWSER at http://www.dwheeler.com/browse/, I'm inclined to agree with
the following analysis from that page:

    In particular, a major debate is whether it's worth calling the
    shell. The shell call may be removed as being too dangerous. Options
    include: (1) BROWSER only having a list of program names, (2) BROWSER
    listing programs with constant arguments (no need for %s), and (3)
    Using % replacements but avoiding the shell. The % replacements
    are increasingly looking undesirable; they take more work to program,
    and handling Netscape/Mozilla properly requires writing a short
    program anyway (so they don't seem to be helpful).

Accordingly, I think Debian should implement the alternative proposal that
doesn't allow %s escapes.  This is compatible with the proposal that does,
and with what sensible-browser does today, except that people who have a
BROWSER environment variable setting that uses %s will find that it won't
work if this approach is adopted.  I'm dubious how many people have gotten
that to work successfully; see http://bugs.debian.org/289745 as noted
above and the problems uncovered there.

Here is a patch based heavily on Joey's original patch that describes
that.  This patch (similar to Joey's) doesn't include the URL
canonicalization requirements of the secure BROWSER specification.  They
don't seem obviously necessary to me and are complex and would add a lot
of additional wording to explain how to canonicalize URLs.

Comments?  Seconds?

--- orig/policy.sgml
+++ mod/policy.sgml
@@ -8441,6 +8441,65 @@
  for games (X and non-X games) should be installed in
  file/usr/share/man/man6/file./p
   /sect
+
+  sect
+   headingWeb browsers/heading
+
+   p
+ Some programs have the ability to launch a web browser to
+ display an URL.  Since there are lots of different web browsers
+ available in the Debian distribution, the system administrator
+ and each user should have the possibility to choose a preferred
+ web browser.
+   /p
+
+   p
+ In addition, programs should choose a good default web browser
+ if none is selected by the user or system administrator.
+   /p
+
+   p
+ Thus, every program that launches a web browser with an URL
+ should use the BROWSER environment variable to determine what
+ browser the user wishes to use.
+   /p
+
+   p
+ The value of BROWSER may consist of a colon-separated series of
+ browser command parts.  These should be tried in order until one
+ succeeds.  A command part consists of the command to executed
+ followed by 0 or more arguments separated by one or more spaces.
+ The command and arguments should be separated at the spaces, the
+ URL added as a final argument, and the resulting command
+ executed directly (not via the shell).footnote
+   This protects against bugs and security problems caused by
+   shell metacharacters in the browser arguments or URL.  This
+   specification is compatible with the
+   url id=http://www.dwheeler.com/browse/;
+   name=Alternative Secure BROWSER Definition.
+ /footnote
+   /p
+
+   p
+ If the BROWSER environment variable is not set, the program can
+ use file/usr/bin/x-www-browser/file if DISPLAY is set, and
+ file/usr/bin/www-browser/file if not.  These two files are
+ managed through the dpkg alternatives mechanism.  Thus every
+ package providing a general-purpose web browser must call the
+ prgnupdate-alternatives/prgn program to register the
+ appopriate one of these alternatives.
+   /p
+
+   p
+ Instead of implementing the above in every program that runs a
+ web browser, programs in Debian may be configured to use
+ file/usr/bin/sensible-browser/file.  This is a program
+ provided by the Debian base system that checks the BROWSER
+ environment variable, and falls back to
+ file/usr/bin/x-www-browser/file or
+ file/usr/bin/www-browser/file if it is not set.
+   /p
+  /sect
 /chapt
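
Review bot: the paragraph defining the BROWSER value says the command parts are "tried in order until one succeeds" but never defines success, so implementations can disagree on whether a command that is not installed, or a browser that starts and exits non-zero, moves on to the next part; state the rule explicitly (for example, exit status 0), and say what happens when every listed part fails, since the fallback paragraph only covers BROWSER being "not set". The same paragraph appends the URL as the final argument, so a URL beginning with "-" reaches the browser as an option; direct execution removes the shell-metacharacter problem the footnote names but not that one, and the text could require callers to pass only URLs that start with a scheme. Splitting at spaces and colons also leaves no way to write a command path or argument containing either character, which is worth stating as a known limit. Two typos: "the command to executed" should read "the command to be executed", and "appopriate" should read "appropriate".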
 
-- 
Russ Allbery ([EMAIL PROTECTED])   http://www.eyrie.org/~eagle/
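
The BROWSER handling discussed in this message (no %s escapes, no shell), sketched in Python as an added example; it is not code from the thread, from sensible-browser or from Debian Policy. It assumes that "succeeds" means exit status 0 and that an empty BROWSER counts as unset; the browser names in the sample are made up.

```python
import os
import subprocess

# Fallback paths named in the proposed Policy text.
X_WWW_BROWSER = "/usr/bin/x-www-browser"
WWW_BROWSER = "/usr/bin/www-browser"


def browser_commands(url, env):
    """Return the argv lists to try, in order, for opening url."""
    commands = []
    for part in env.get("BROWSER", "").split(":"):
        # Split at spaces only: no quoting, no %s expansion, no shell parsing.
        argv = [word for word in part.split(" ") if word]
        if argv:  # ignore empty parts such as "a::b" or a trailing colon
            commands.append(argv + [url])  # the URL is always one final argument
    if not commands:
        # Assumption: an empty BROWSER is treated like an unset one.
        fallback = X_WWW_BROWSER if env.get("DISPLAY") else WWW_BROWSER
        commands.append([fallback, url])
    return commands


def launch(url, env=None, run=subprocess.call):
    """Try each command in turn; return the argv that succeeded, else None.

    Assumption: "succeeds" means the command could be started and exited 0.
    """
    env = dict(os.environ) if env is None else env
    for argv in browser_commands(url, env):
        try:
            # A list argv with the default shell=False is executed directly,
            # so "&", ";" and spaces in the URL are never seen by /bin/sh.
            if run(argv, env=env) == 0:
                return argv
        except OSError:
            continue  # command missing or not executable: try the next part
    return None


if __name__ == "__main__":
    # Constructed sample input; "gui-browser" and "text-browser" are made-up names.
    sample_env = {"BROWSER": "gui-browser --new-window:text-browser"}
    for argv in browser_commands("http://example.org/?a=1&b=2;c", sample_env):
        print(argv)
```

A BROWSER value written for the %s variant, such as `mybrowser %s`, yields `["mybrowser", "%s", url]` here: the `%s` is passed through literally, which is the incompatibility the message describes.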


