You are not logged in.
Hello:
Just a heads up, not sure I understand exactly what is happening.
Updated FF 102.15.1esr-1~deb10u1 over 102.15.0esr-1~deb10u1.
Then, having seen a post on SLiM I went to check on the last package information. Wanted to read the change log for my all time favourite log-in manager.
Clicked on the package file and got this warning from FF:
File not downloaded. Potential security risk.
The file uses an insecure connection. It may be corrupted blah, blah, blah ...
What's going on?
Note: does not happen with the latest Pale Moon 32.4.0.1
Thanks in advance.
Best,
A.
Last edited by Altoid (2023-09-17 19:14:07)
Offline
What's going on?
The download link uses "http" instead of "https".
Go ahead and download it, but be sure to check the package before installing it.
Like so:
sha256sum -c file-name.deb
Then compare the output with the published value listed on the web page for that package. The values should match.
Offline
Hello:
Thanks for the prompt reply.
... link uses "http" instead of "https".
Yes, I had read something here about that some time ago.
... be sure to check the package ...
Always do that to make sure any package is downloaded intact.
But as my installations/updates/upgrades all go through apt, I'd never seen this before.
I have inherent trust in Devuan repositories, what I do not trust is my sometimes flaky ADSL. 8^/
What called my attention is that this seems to be a FF thing as Pale Moon does not issue a warning.
Best,
A.
Offline
Check FF options: if the "only https" option is selected that would explain the FF message.
Offline
Hello:
Check FF options: if the "only https" option is selected ...
No, it is not selected.
I never set it up that way.
about:preferences#privacy
Don’t enable HTTPS-Only Mode -> false
Thanks for your input.
Best,
A.
Offline
Read that entry carefully: I think it means HTTPS-Only mode IS enabled.
Offline
Hello:
Read that entry carefully: I think it means ...
Indeed ...
Makes me wonder why it would be worded in that rather confusing manner.
Wouldn't it have been much better (especially for idiots like mysef) to do it like this:
about:preferences#privacy
Enable HTTPS-Only Mode -> false
ie: no double negatives
But that is in the about:preferences page.
The UI I does not have True or False (boolean) options.
It just has a circle, like box to tick but round.
Like this:
O Don’t enable HTTPS-Only Mode
So ...
If I don't tick the circle, it does/should not set the option Don’t enable HTTPS-Only Mode
If I do tick the circle, it does/should set the option Don’t enable HTTPS-Only Mode
Seems there's something amiss (?).
Thanks for your input.
Best,
A.
Last edited by Altoid (2023-09-17 13:43:44)
Offline
A quick search reveals the main setting is (should be) a three option radio group, looking something like this:
https://assets-prod.sumo.prod.webservic … a011a8.png
The documentation also shows how to configure the per-site setting, which has an explicit On/Off drop-down:
//support.mozilla.org/en-US/kb/https-only-prefs#firefox:linux:fx102
Last edited by boughtonp (2023-09-17 14:03:23)
3.1415P265E589T932E846R64338
Offline
Hello:
... main setting is (should be) a three option radio group, looking ...
Yes.
That is exactly what I have and how I have it set.
As I understand it (with no per-site exceptions enabled) when you check that option ie: the one I have set, FF should not be enabling HTTPS-Only Mode.
But apparently it does.
So, my guess (?) is that something is amiss but then I may not have had enough espresso yet.
Thanks for your input.
Best,
A.
Offline
about:preferences is a user-friendly front-end, for the real settings, check about:config and/or the prefs.js file in the profile directory (which gets updated when you exit the browser).
Also check whether there's any "safebrowsing" crap that's blocking it?
3.1415P265E589T932E846R64338
Offline
Hello:
about:preferences is a user-friendly front-end ...
Yes and the settings there should be properly reflected in about:config.
It is actively discouraged by FF to go there, soon we won't be able to tweak anything.
Independently of the fact that not eveyone fiddles around with about:config, dom.security.https_only_mode is set to false.
I have FF 91.9.1 esr installed on my 1000HE and it works properly. ie: with the option Don’t enable HTTPS-Only set as I have done for the longest while.
... check whether there's any "safebrowsing" crap ...
No.
Besides, I cannot recall this happening with the previous version. ie: 102.15.0esr-1~deb10u1
EDIT:
It seems that it is an issue with FF.
And from the looks of it, it won't be looked at by Mozilla or fixed any time soon.
At least, the thread seems to suggest that the solution is that you emply a work-around.
ie: with FF everything has to be via HTTPS and if you don't like that, file exceptions.
Yet another reason to ditch FF.
Thanks for your input.
Best,
A.
Last edited by Altoid (2023-09-17 19:16:59)
Offline