On Tue, May 8, 2018 at 5:20 AM, Robert Marcano <rob...@marcanoonline.com>
wrote:

> On 05/08/2018 03:54 AM, Wolfgang Rosenauer wrote:
>
>> Hi,
>>
>> I'm wondering if there are any differences between upcoming Firefox 60
>> and 60esr releases in code or in configuration?
>>
>
> Some policies are exclusive to ESR. I personally do not like that, but
> there are reasons Mozilla wants to avoid regular users being locked by the
> usage of those settings.
>

The problem is that because those policies are simply registry entries, any
application can simply set them. Google originally worked around this by
using Active Directory-specific APIs instead of the registry, but
eventually gave up and moved back to the registry. They now only allow certain
policies on Windows if connected to an Active Directory server.


>
> Note: I find the locking of the settings too easy to bypass by malware
> (even if autoconfig is removed in the future): just unpack the omni.ja and
> update the JSON definition of the policies, and those policies are
> available for non-ESR builds (IIRC omni.ja is not signed in any way and not
> checked at load time).
>

The difference is that a change like that would be immediately corrected on
the next update to Firefox, whereas laying down policies or autoconfig
persist across Firefox updates. Obviously we can't protect against
everything, but we can certainly try our best.


>
> I hope the GitHub issue about allowing all policies on non-ESR builds when
> the machine is on a domain is implemented, and, I wish, for all Linux
> machines (the settings policies implementation for Linux requires root)


That's certainly the plan. The main reason I didn't turn on all policies
for Linux and Mac is that I wanted to have a Windows solution ready as
well. The way it will work eventually is that for Rapid Release, all
policies will work if you are either Mac, Linux or Windows connected to an
Active Directory server. I just need to write the code to detect an Active
Directory server.

Anyone that needs to use Local Group Policy will have to use ESR.

Mike



>
>
>
>>
>> Thanks,
>>   Wolfgang
>> _______________________________________________
>> Enterprise mailing list
>> Enterprise@mozilla.org
>> https://mail.mozilla.org/listinfo/enterprise
>>
>> To unsubscribe from this list, please visit
>> https://mail.mozilla.org/listinfo/enterprise or send an email to
>> enterprise-requ...@mozilla.org with a subject of "unsubscribe"
>>
>>