Re: Extensions cannot be removed and explanation is broken link
From: Mark H Weaver
Subject: Re: Extensions cannot be removed and explanation is broken link
Date: Sat, 30 Dec 2023 06:46:53 -0500
Hi Clément,
Clément Lassieur <clement@lassieur.org> writes:
> On Fri, Dec 22 2023, Antonio T. sagitter wrote:
>
>> Hi all.
>>
>> Even though I agree to interdict removing IceCat's built-in addons to the
>> users, we need at least to explain why.
>
> Indeed, it's not obvious to me why IceCat is shipped with:
> - discontinued HTTPS Everywhere (security issue)
Do you have reason to believe that there's a security issue in HTTPS
Everywhere? If so, please substantiate this claim.

Given the extremely simple job that HTTPS Everywhere performs, I would
not expect it to have a non-trivial attack surface. It's just not the
kind of software that I'd expect to find a security flaw in.

The mere fact that it's a couple of years old does not strike me as a
cause for concern.
> - some USPS related extension (not updated for years) (is having an
> extension for each site that LibreJS breaks a good idea?)
As I understand it, that extension was added to solve an important
practical issue faced by those who avoid running nonfree software on
their machines.

If you know of a specific problem with any of our bundled extensions,
please substantiate your claims.

If you have a better suggestion for how we should organize our
workarounds for nonfree JavaScript, please feel free to make a concrete
proposal.
> - some libgen.me related extension (libgen.me is down)
Thanks, this is useful information. If that extension no longer has any
useful purpose, then I agree we should remove it.

Regards,
Mark