[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#172436: Updated BROWSER proposal

Russ Allbery wrote:
--- a/policy.sgml
+++ b/policy.sgml
@@ -8675,6 +8675,68 @@ name ["<var>syshostname</var>"]:
 	  for games (X and non-X games) should be installed in
+      <sect>
+	<heading>Web browsers</heading>
+	<p>
+	  Some programs have the ability to launch a web browser to
+	  display an URL.

"web browser to display an URL."
I don't like the sentence, but anyway I don't worry much,
because the program should be sensible, and open browser
only with correct protocols.

FYI: "xdg-open" could enter in new LSB,
as a generic URL opener (not only for browser):

> +              Since there are lots of different web browsers
> +  available in the Debian distribution, the system administrator
> +  and each user should have the possibility to choose a preferred
> +  web browser.
> +</p>

Is "lots of different" correct?
Anyway it is a rationale, so I would remove the first part.

+	<p>
+	  In addition, programs should choose a good default web browser
+	  if none is selected by the user or system administrator.
+	</p>
+	<p>
+	  The recommended way to satisfy these goals is for every program
+	  that launches a web browser with a URL to use the BROWSER
+	  environment variable to determine what browser the user wishes
+	  to use.
+	</p>
+	<p>
+	  The value of BROWSER may consist of a colon-separated series of
+	  browser command parts.  These should be tried in order until one
+	  succeeds.  A command part consists of the command to executed
+	  followed by 0 or more arguments separated by one or more spaces.
+	  The command and arguments should be separated at the spaces, the
+	  URL added as a final argument, and the resulting command
+	  executed directly (not via the shell).<footnote>
+	    This protects against bugs and security problems caused by
+	    shell metacharacters in the browser arguments or URL.  This
+	    specification is compatible with the
+	    <url id="http://www.dwheeler.com/browse/";
+		name="Alternative Secure BROWSER Definition">.
+	  </footnote>
+	</p>
+	<p>
+	  If the BROWSER environment variable is not set, the program can
+	  use <file>/usr/bin/x-www-browser</file> if DISPLAY is set, and
+	  <file>/usr/bin/www-browser</file> if not.  These two files are
+	  managed through the dpkg alternatives mechanism.  Thus every
+	  package providing a general-purpose web browser should call the
+	  <prgn>update-alternatives</prgn> program to register the
+	  appopriate one of these alternatives.
+	</p>

These 4 paragraphs enter to much in details of a program.
I'll really remove these paragraphs, and let the programs
use only "/usr/bin/sensible-browser" (next paragraph), so it is
easier to update the policy (evolution of FreeDesktop, ...).

I think that next paragraph is good, and IMO we should not
describe rules in details.

+	<p>
+	  Instead of implementing the above in every program that runs a
+	  web browser, programs in Debian may be configured to use
+	  <file>/usr/bin/sensible-browser</file>.  This is a program
+	  provided by the Debian base system that checks the BROWSER
+	  environment variable, falls back to the configured browser in
+	  the user's desktop environment, and then falls back to
+	  <file>/usr/bin/x-www-browser</file> or
+	  <file>/usr/bin/www-browser</file> if BROWSER is not set and no
+	  recognized desktop environment is in use.
+	</p>
+      </sect>



Reply to: