[BALUG-Talk] MOZILLA's GnuPG/PGP key-signing session, October 3rd
Rick Moen
rick@linuxmafia.com
Wed Aug 16 13:58:16 PDT 2017
Quoting acohen36@sdf.org (acohen36@sdf.org):
> From what I'm seeing now, and FWIW, both the 64-bit open source Brave*
> browser and the 32-bit open source Palemoon browser will _still_ be
> supporting many of our most important browser extensions into the near
> future.
As will Firefox-ESR, SeaMonkey, and Waterfox.
> *An interesting fact to note about Brave is that their Mission District HQ
> is ~3/4 hr MUNI busride from Mozilla's SF offence [9] ear Rincon
> Point.
>
> Comments from announcement-forwarder Michael P, from Rick M, and from
> others are expected and of course welcome :-)
I'm backlogged on correspondence, and also jetlagged, having just gotten
back from a couple of weeks in Helsinki and Stockholm, so don't hold
your breath waiting for me to address this.
Moreover, it's already been extensively discussed elsewhere:
http://linuxmafia.com/pipermail/conspire/2017-February/008707.html
http://lists.svlug.org/archives/svlug/2017-February/062344.html
https://lists.dyne.org/lurker/message/20170223.160150.c29d18d7.fi.html
(See threads beginning at those links.)
The dropping of XUL & XDL (extension interface) from the main Mozilla
codebase (after verion 56) creates unfortunate short- and medium-term
consequences, though as mentioned there are indeed technical reasons for
it. But there will be some very serious permanent loss of
functionality, make no mistake: There is simply a great deal that
WebExtensions cannot do and probably will never be able to do, things
classed as 'chrome' alterations, hence involving XUL & XDL.
The recent dropping of ALSA sound support is even more regrettable IMO:
I continue to regard PulseAudio as something of a horror, though one can
substitute apulse as a crutch for applications that expect PulseAudio.
Last, what I've seen about code-signing has been so far troubling, with
Mozilla's builds reportedly _not_ giving users control of the keychain.
Of course, this being open source, anyone sufficiently motivated can
maintain a patchset to restore that control. (There may have been newer
developments in this area, and I would not necessarily have heard of
them.)
Also, as Akkana noted on the SVLUG discussion, Firefox-ESR will preserve
the ability to switch off mandatory enforcement of extension signing,
via an about:config toggle (that in Mozilla's releases will be switched
on by default).
So, it's the usual sort of thing where less-technical users are going to
get steamrolled.
More information about the BALUG-Talk
mailing list