Consider removing old settings

[Genbox]

To simplify the config, consider removing old settings that no longer apply. As of Firefox 39.0.3, the following settings no longer apply:

• browser.frames.enabled
• browser.download.manager.retention
• browser.history_expire_days
• browser.history_expire_sites
• browser.history_expire_visits
• general.useragent.override
• plugins.hide_infobar_for_outdated_plugin

[Hunter-Github]

Would disagree with that: there are also ESR browsers out there. Historically significant options may be simply put in a single section of the file.

[Genbox]

This issue is just a consideration, not an actual issue which needs to be fixed right away. I think it would be prudent to keep track of deprecated settings along the way, and remove them as new releases of Firefox ESR comes out.

That being said, The the settings are also not present in the current version of Firefox ESR.

[Genbox]

The following settings are also not present in the current Firefox and Firefox ESR releases.

• browser.sessionstore.enabled
• browser.sessionstore.postdata
• javascript.options.methodjit.chrome
• javascript.options.methodjit.content
• media.gmp-gmpopenh264.enabled
• network.dns.disablePrefetchFromHTTPS
• spdy.enabled.v3
• network.negotiate-auth.allow-insecure-ntlm-v1
• network.negotiate-auth.allow-insecure-ntlm-v1-https
• security.enable_ssl3
• security.enable_tls_session_tickets
• security.ssl3.dhe_rsa_camellia_128_sha
• security.ssl3.dhe_rsa_camellia_256_sha
• security.ssl3.dhe_dss_camellia_128_sha
• security.ssl3.dhe_dss_camellia_256_sha
• security.ssl3.rsa_camellia_128_sha
• security.ssl3.rsa_camellia_256_sha
• security.ssl3.rsa_null_md5
• security.ssl3.rsa_null_sha
• security.ssl3.ecdh_rsa_null_sha
• security.ssl3.ecdhe_ecdsa_null_sha
• security.ssl3.ecdhe_rsa_null_sha
• security.ssl3.ecdh_ecdsa_null_sha
• security.ssl3.dhe_dss_aes_128_sha
• security.ssl3.dhe_dss_aes_256_sha
• security.ssl3.dhe_dss_des_ede3_sha
• security.ssl3.dhe_rsa_des_ede3_sha
• security.ssl3.ecdh_ecdsa_aes_128_sha
• security.ssl3.ecdh_ecdsa_aes_256_sha
• security.ssl3.ecdh_ecdsa_des_ede3_sha
• security.ssl3.ecdh_ecdsa_rc4_128_sha
• security.ssl3.ecdh_rsa_aes_128_sha
• security.ssl3.ecdh_rsa_aes_256_sha
• security.ssl3.ecdh_rsa_des_ede3_sha
• security.ssl3.ecdh_rsa_rc4_128_sha
• security.ssl3.ecdhe_ecdsa_des_ede3_sha
• security.ssl3.ecdhe_rsa_des_ede3_sha
• security.ssl3.rsa_1024_rc4_56_sha
• security.ssl3.rsa_fips_des_ede3_sha
• security.ssl3.rsa_rc2_40_md5
• security.ssl3.rsa_rc4_40_md5
• security.ssl3.rsa_seed_sha

[pyllyukko]

We can certainly clean up the user.js along the way, but I want to be 100% sure that the settings are really gone. That would mean a reference to Mozilla's bug tracker that clearly states that this and that setting has been removed or otherwise obsoleted. Not having some setting in about:config is not necessarily enough.

Maybe an separate ESR user.js would be the answer to not break stuff, on Tor's ESR version there is no necessary to use a hardened config since it's already set to max and the rest can be controlled via the torbutton.

I'm not too keen on having separate versions of this, especially when this would only be a cosmetic change.

[nodiscc]

store the entries in a deprecated category within user.js

As a user of this project I would like this. Or just comment out the relevant lines, adding deprecated as of Firefox $version on line end. I would prefer this over searching in the git history why a particular setting is not there (has it been removed? deprecated? do we need to add it?)

[nodiscc]

I think the preferred approach is to append affected Firefox version numbers to the pref description, like we did for the Battery API prefs (https://github.com/pyllyukko/user.js/blob/master/user.js#L72).

This needs to be made clearer in the README, and then this issue can be closed.