Hi Guy, 2013/7/15 Guy Harris <g...@alum.mit.edu>: > > On Jul 15, 2013, at 6:57 AM, Bálint Réczey <bal...@balintreczey.hu> wrote: > >> I think there is no clear preference. >> sensible-pager and sensible-editor are mentioned [1] in Debian Policy >> which gives direction to maintainers, but sensible browser is not. >> There is an ongoing discussion [2] about updating the Policy with the >> last comment recommending xdg-open for our case. >> >> Since prefer having less patches and in my quick test xdg-open >> behaved more reasonably than sensible-browser > > At least in our case, where I don't *think* we're handing it arbitrary > strings that could end up opening things it shouldn't. > > Whilst doing some Web searching I found a 2009 thread: > > http://lists.debian.org/debian-devel/2009/08/msg00020.html > > that raised some security issues about xdg-open; dunno whether the 2011 bug > comment you cite (which also turned up in the searching) takes that into > account. >I don't know whether those issues are now considered "not a problem" or are >otherwise fixed. I think we always provide an URL to xdg-open thus the mentioned security problem which is a bit questionable IMO, does not affect us.
> > Note, BTW, that Qt's openURL code uses xdg-open, if found, on "generic UNIX", > and doesn't appear to be patched by Debian to use sensible-browser instead. > (I think it ends up using the same Launch Services stuff we do on OS X, > albeit in Qt's case it does so through Cocoa, and it also uses the same Shell > APIs on Windows. wireshark-qt uses the openURL code.) > >> Note that wireshark must add dependency on xdg-utils to used xdg-open. > > "Dependency" in the Debian sense, or in some other sense? Currently, the > configure script tries to find xdg-open and, if that fails, falls back on > using htmlview or mozilla, depending on which one it finds. In Debian sense. Your concern is absolutely valid, I have already added a build time dependency, too, to always detect xdg-open. I just wanted to check the build in a new chroot before committing the change. > > (BTW, Qt's "generic UNIX" code appears to do the checks for various programs > at *run* time, and, if it doesn't find xdg-open: > > if the DEFAULT_BROWSER or BROWSER environment variable is set, use > the first of those that's set (in that order) and, if that's an executable, > uses that; > > otherwise, if the desktop environment is (somehow) detected to be > KDE, uses kfmclient; > > otherwise, if the desktop environment is (somehow) detected to be > GNOME, uses gnome-open; > > otherwise, tries, in order, google-chrome, firefox, mozilla, and > opera.) We could do that, but the wireshark package now depends on xdg-utils, and that guarantees the existence of xdg-open when we need it. >> I think we could move this thread to wireshark-dev to document the >> rationale behind the change. > > Sounds good. Done, for this email, too. ;-) Cheers, Balint ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
