Gervase Markham wrote:
> Nils Maier wrote:
>> Easy way of download verification like md5sums or other tools provide as
>> well, but "built-in", easy-to-use and transparent.
> 
> Yes.
> 
>> But not to mix up with real signatures (GPG), which are much stronger.
>> I don't see LF as a way to actually prevent trojaned stuff (unless, of
>> course, in case of just compromised mirrors).
> 
> But compromised mirrors are by far the most common way that things are 
> trojaned.
> 
> http://www.internetnews.com/dev-news/article.php/1438341
> http://wordpress.org/development/2007/03/upgrade-212/
> http://www.afterdawn.com/news/archive/6001.cfm
> http://www.daemon-tools.cc/dtcc/archive/update-download-com-issue-t5334.html 
> 
> 
> All of these could have been spotted much, much quicker if the download 
> links used link fingerprints. As soon as someone had tried downloading 
> this with Firefox, the download would have failed and they would have 
> contacted a site admin.
> 
>> Informing the user about problems and letting him decide about proper
>> actions.
>> Not messing with his data without permission.
> 
> But if it's trojaned, it's not "his data". It's someone else's evil data.

Note the _if_ part here, because you don't know for _sure_ but you just 
_assume_ that the file is trojaned, or whatever, and want to delete it.

Why don't you let anti virus companies participate? Some even offered 
their help in Bugzilla. What you can do *right now* already is call 
their command line software, if we only had the option for it, but 
nobody even considered writing it, it seems.

And at the end, if there isn't any anti virus software installed, give 
end users a chance to back out instead of removing the file by 
default.

>>>> Deleting my DVD iso of the newest bleeding edge Linux I spent days
>>>> downloading on a dialup line without even asking feels wrong.
>>> Then don't use Link Fingerprints for such downloads.
>>>
>> Err, right?! I downloaded crap not even knowing about LF and the browser
>> deletes that data. And then, afterwards, after everything is gone
>> already, you come along to tell me that I shouldn't have used LF in the
>> first place?
> 
> No, I mean that the person providing the link should not use link 
> fingerprints on it, unless they want you to have that exact version.
> 
>>> What are the possible options as to what has happened?
>>>
>>> 1) The download is corrupt. So you might as well delete it, because it's
>>> no use to you.
>>>
>> Probably, but not certainly. It might have been an archive I just need
>> some files from and am able to recover. Or I got a tool to repair it
>> manually, or...
>> Actually I did such repair (media files mostly) some times already.
> 
> And 99.999% of users aren't going to attempt either of these things.
> 
>>> 2) The download has been trojaned. So you definitely want to delete it.
>>
>> Maybe I want to recheck using another tool (md5sums, GPG) to see if LF
>> messed up...
> 
> a) If the feature gets it wrong, that's a bug and we need to fix it, not 
> a reason for destroying the security model.
> 
> b) 99.999% of users are not going to do this.
> 
> If you personally want to override this, write an extension to do so. 
> But the default behaviour in Firefox should be to delete, because we are 
> building Firefox for ordinary people. I am not ordinary, in this way, 
> and neither are you. And neither is anyone who knows what the md5sum 
> program does, or who uses archive repair tools.
> 
>>> 3) The person supplying the Link Fingerprint URL screwed up. In which
>>> case, it's their fault, and if they didn't mind you getting different
>>> data, they shouldn't have used Link Fingerprints, or they should have
>>> tested their URLs.
>>
>> In which case I got a fine download I'm about to throw away.
> 
> But you don't _know_ it's fine. You can't tell the difference between 
> case 3 and case 2.
> 
>> Then I redownload stuff just to get same error. And again...
>> In the end the webmaster is not in reach and I pull out good old IE just
>> to download that file for me without deleting it after the download
>> completes.
> 
> ...and get trojaned, because it was actually case 2, not case 3.
> 
> So Firefox protected you, you bypassed the protection, and got stuffed. 
> Firefox did its job.
> 
>> If you operate a rather small site you might be able to pass
>> double-checked links along.
>> Once sites get bigger and more complex, or even automated, stuff might
>> go wrong more easily.
> 
> Automated stuff gets this sort of thing wrong _less_ easily.
> 
> Gerv


_______________________________________________
dev-tech-network mailing list
https://lists.mozilla.org/listinfo/dev-tech-network
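The mechanism the whole thread argues over, as an added example in Python that is not part of the original thread or of the Link Fingerprints proposal's own code: a site operator hashes the exact bytes it serves and appends the digest to the link's fragment; the browser hashes what actually arrived and compares. The fragment syntax (`#!<algorithm>!<hex digest>`), the host names and the payload are assumptions constructed for the example. The mismatch branch implements the alternative Nils asks for rather than Gerv's delete-by-default: the file is renamed to mark it unverified instead of being removed, so the user can re-check it with md5sum or GPG. Two points the code makes explicit: a mismatch caused by a corrupt transfer, a trojaned mirror, or a wrong digest on the link all produce the same verdict, and the client cannot tell them apart; and because the digest travels in the same page as the link, the check only catches tampering at the mirror, not an attacker who controls the linking page, which is why a detached GPG signature is the stronger tool.

```python
import hashlib
import hmac
import re
import tempfile
from dataclasses import dataclass
from enum import Enum
from pathlib import Path
from urllib.parse import urlsplit

# Fragment syntax assumed for this example: "#!<algorithm>!<hex digest>",
# e.g. http://mirror.example/file.iso#!sha256!<64 hex chars>. The thread
# never spells the syntax out, so treat this as an assumption.
_FP_RE = re.compile(r"^!(?P<alg>[A-Za-z0-9]+)!(?P<hex>[0-9A-Fa-f]+)$")
SUPPORTED = ("md5", "sha1", "sha256")


@dataclass(frozen=True)
class Fingerprint:
    algorithm: str
    digest_hex: str


class Verdict(Enum):
    NO_FINGERPRINT = "link carries no fingerprint; nothing to check"
    MATCH = "digest matches; the bytes are what the linker intended"
    # A corrupt transfer, a trojaned mirror, or a linker who published the
    # wrong digest all land here; the client cannot distinguish them.
    MISMATCH = "digest differs; corrupt, trojaned, or wrong link"


def parse_link_fingerprint(url: str):
    """Return the Fingerprint carried on the URL, or None if absent/malformed."""
    m = _FP_RE.match(urlsplit(url).fragment)
    if not m:
        return None
    alg = m.group("alg").lower()
    hx = m.group("hex").lower()
    if alg not in SUPPORTED:
        return None
    if len(hx) != 2 * hashlib.new(alg).digest_size:
        return None  # truncated or padded digest: no usable fingerprint
    return Fingerprint(alg, hx)


def build_link(url: str, data: bytes, algorithm: str = "sha256") -> str:
    """Site operator side: hash the exact bytes served and append the digest."""
    base = urlsplit(url)._replace(fragment="").geturl()
    return f"{base}#!{algorithm}!{hashlib.new(algorithm, data).hexdigest()}"


def verify_download(url: str, data: bytes, chunk_size: int = 65536) -> Verdict:
    """Client side: hash the received bytes and compare with the link's digest."""
    fp = parse_link_fingerprint(url)
    if fp is None:
        return Verdict.NO_FINGERPRINT
    h = hashlib.new(fp.algorithm)
    for i in range(0, len(data), chunk_size):  # stream, as a browser would
        h.update(data[i:i + chunk_size])
    # constant-time comparison so the check itself leaks nothing about the digest
    if hmac.compare_digest(h.hexdigest(), fp.digest_hex):
        return Verdict.MATCH
    return Verdict.MISMATCH


def quarantine(path: Path) -> Path:
    """Mismatch handling used here instead of silent deletion: keep the bytes
    so the user can re-check them with another tool, but rename the file so
    nothing opens it under the expected name and the user sees it is unverified."""
    target = path.with_name(path.name + ".unverified")
    path.replace(target)
    return target


def demo() -> dict:
    """End-to-end run on constructed data; returns the observable results."""
    served = b"constructed ISO payload, not a real image\n" * 1000
    trojaned = served + b"constructed extra bytes a compromised mirror added\n"
    link = build_link("http://mirror.example/pub/distro.iso", served)
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "distro.iso"
        path.write_bytes(trojaned)  # simulate a tampered transfer
        verdict = verify_download(link, path.read_bytes())
        kept = quarantine(path) if verdict is Verdict.MISMATCH else path
        return {
            "link": link,
            "good_transfer": verify_download(link, served),
            "bad_transfer": verdict,
            "plain_link": verify_download("http://mirror.example/pub/distro.iso", served),
            "original_gone": not path.exists(),
            "kept_as": kept.name,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the block prints the verdicts for a clean transfer, a tampered one, and a link without a fingerprint, plus the name the tampered file was kept under. Swapping `quarantine` for `path.unlink()` gives Gerv's delete-by-default policy; everything before that branch is the same under either policy.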