[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Extensions cannot be removed and explanation is broken link

From: Mark H Weaver
Subject: Re: Extensions cannot be removed and explanation is broken link
Date: Sat, 30 Dec 2023 06:46:53 -0500

Hi Clément,

Clément Lassieur <> writes:

> On Fri, Dec 22 2023, Antonio T. sagitter wrote:
>> Hi all.
>> Even though i agree to interdict removing IceCat's built-in addons to the
>> users, we need at least to explain why.
> Indeed, it's not obvious to me why Icecat is shipped with:
> - discontinued HTTPS Everywhere (security issue)

Do you have reason to believe that there's a security issue in HTTPS
Everywhere?  If so, please substantiate this claim.

Given the extremely simple job that HTTPS Everywhere performs, I would
not expect it to have a non-trivial attack surface.  It's just not the
kind of software that I'd expect to find a security flaw in.

The mere fact that it's a couple of years old does not strike me as a
cause for concern.

> - some USPS related extension (not updated for years) (is having an
> extension for each site that LibreJS breaks a good idea?)

As I understand it, that extension was added to solve an important
practical issue faced by those who avoid running nonfree software on
their machines.

If you know of a specific problem with any of our bundled extensions,
please substantiate your claims.

If you have a better suggestion for how we should organize our
workarounds for nonfree Javascript, please feel free to make a concrete

> - some related extension ( is down)

Thanks, this is useful information.  If that extension no longer has any
useful purpose, then I agree we should remove it.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]