MOZILLA's GnuPG/PGP key-signing session, October 3rd
Former subject was the somewhat longer-titled '[sf-lug] [BALUG-Talk] Fwd: GnuPG / PGP key signing party October 3rd 2017'
Quoting <Michael.Paoli at cal dot berkeley dot e d U>, at least from [1] and also from [2]: ~~~~~~~~~~~~~~~~~~~~~~ [DO NOT REPLY-ALL UNLESS YOU'RE SUBSCRIBED TO ALL LISTS!] NOTE ALSO THAT appears (free) "ticket" is REQUIRED to attend this event. Passing this along, as it looks like it didn't make it to at least several lists (non-member posting and/or too many recipients):
----- Forwarded message from lhirlimann at mozilla.com ----- Date: Thu, 20 Jul 2017 10:51:18 +0200 From: "Ludovic Hirlimann" <lhirlimann at mozilla.com> Subject: GnuPG / PGP key signing party October 3rd 2017 To: buug at buug.org, Michael.Paoli at cal.berkeley.edu, talk at nblug.org, balug-talk at lists.balug.org, svlug at lists.svlug.org, sf-lug at linuxmafia.com, info at eblug.org, bad at bad.debian.net, penlug-members at new.penlug.org, bale at linuxmafia.com, meyering at fb.com
Hello my name is ludovic,
I'm a sysadmins at mozilla working remote from europe. I'm organizing a pgp Key signing party in the Mozilla san francisco office (https://wiki.mozilla.org/People:MozSpaces_Guidelines:San_Francisco) on October the 3rd 2017 from 6PM to 8PM. ~~~~~~~~~~~~~~~~~~~~~~
Ah, so a Mozilla employee is remotely organizing a GnuGP/PGP key-signing session happening at one of the parent company's main U.S. West Coast offices. IMHO, the timing of this session is ever-so-slightly suspicious given that it's happening just over one month before the planned release date of Mozilla Firefox's extensions-busting version 57 [3]; intentionally released to cut down the browser usage percentage of Google's Chrome browser [4] as well as possibly that of the open-sourced Chromium browser [5]. One would hope that there will be _no_ data-collection and storage of participants' _personal_ information before/during/following the time of this Mozilla key-signing-only event, and well in advance of the FF57 release date......
From what I'm seeing now, and FWIW, both the 64-bit open source Brave*
browser [6] and the 32-bit open source Palemoon browser [7] will _still_ be supporting many of our most important browser extensions into the near future.
*An interesting fact to note about Brave is that their Mission District HQ [8] is ~3/4 hr MUNI busride from Mozilla's SF offence [9] ear Rincon Point.
Comments from announcement-forwarder Michael P, from Rick M, and from others are expected and of course welcome :-) -A
References ============
[1] linuxmafia.com/pipermail/sf-lug/2017q3/012773.html
[2] https://temp.balug.org/pipermail/balug-talk/2017-August/000005.html
[3] https://www.cnet.com/special-reports/mozilla-firefox-fights-back-against-goo...
[4] https://www.google.com/chrome/browser/index.html
[5] https://www.chromium.org/Home
[8] https://www.brave.com/about/
[9] https://wiki.mozilla.org/People:MozSpaces_Guidelines:San_Francisco
Quoting acohen36@sdf.org (acohen36@sdf.org):
From what I'm seeing now, and FWIW, both the 64-bit open source Brave* browser and the 32-bit open source Palemoon browser will _still_ be supporting many of our most important browser extensions into the near future.
As will Firefox-ESR, SeaMonkey, and Waterfox.
*An interesting fact to note about Brave is that their Mission District HQ is ~3/4 hr MUNI busride from Mozilla's SF offence [9] ear Rincon Point.
Comments from announcement-forwarder Michael P, from Rick M, and from others are expected and of course welcome :-)
I'm backlogged on correspondence, and also jetlagged, having just gotten back from a couple of weeks in Helsinki and Stockholm, so don't hold your breath waiting for me to address this.
Moreover, it's already been extensively discussed elsewhere: http://linuxmafia.com/pipermail/conspire/2017-February/008707.html http://lists.svlug.org/archives/svlug/2017-February/062344.html https://lists.dyne.org/lurker/message/20170223.160150.c29d18d7.fi.html (See threads beginning at those links.)
The dropping of XUL & XDL (extension interface) from the main Mozilla codebase (after verion 56) creates unfortunate short- and medium-term consequences, though as mentioned there are indeed technical reasons for it. But there will be some very serious permanent loss of functionality, make no mistake: There is simply a great deal that WebExtensions cannot do and probably will never be able to do, things classed as 'chrome' alterations, hence involving XUL & XDL.
The recent dropping of ALSA sound support is even more regrettable IMO: I continue to regard PulseAudio as something of a horror, though one can substitute apulse as a crutch for applications that expect PulseAudio.
Last, what I've seen about code-signing has been so far troubling, with Mozilla's builds reportedly _not_ giving users control of the keychain. Of course, this being open source, anyone sufficiently motivated can maintain a patchset to restore that control. (There may have been newer developments in this area, and I would not necessarily have heard of them.)
Also, as Akkana noted on the SVLUG discussion, Firefox-ESR will preserve the ability to switch off mandatory enforcement of extension signing, via an about:config toggle (that in Mozilla's releases will be switched on by default).
So, it's the usual sort of thing where less-technical users are going to get steamrolled.