Luke <[email protected]> writes:

> Hello All,
> Per the last consensus there was the recommendation to keep nonprism
> "secure", and to split the iceweasel package into two packages to avoid
> impacting users with less "features".[1]

I would expect [nonprism] would be secure by default, but the repo should be activated as opt-in.

> The problem I see with this is, people are using nonprism thinking they
> are getting the most secure setup - and are not. However, it is still
> technically in line with the current purpose of nonprism which is "not
> using insecure/privacy invasive protocols". The nonprism repo's
> descriptive purpose is not very well defined on our wiki, so there is no
> statement as to how secure it should be. [2]
>
> To fix this issue I propose the following two proposals for consensus,
> and two questions:
>
> 1) Re-define or rename [nonprism] so that it also includes packages for
> hardened, secure defaults, and less metadata/fingerprinting.

I agree hardened packages belong here.

> 2) Provide a "meta package" that installs
> your-privacy-*hardened/options* rather than just your-privacy. It can
> recommend packages, but they will not be mandatory and should not
> conflict with other software, so that users can comfortably have
> "iceweasel"(insecure) and "iceweasel-hardened" both voluntarily
> installed on the same system.

Can't find any 'your-privacy' package.

> 3) Should we just remove iceweasel/icedove-nonprism instead of further
> complicating things by keeping 3 packages?
> e.g. icedove/iceweasel (insecure), icedove/iceweasel(nonprism/non-free
> protocols facebook and crapware removed), and iceweasel/icedove-hardened
> (which contain actual hardening and some resistance against fingerprinting.)

[libre]
iceweasel/icedove (insecure)

[nonprism]
iceweasel-hardened
icedove-hardened

Could this be installed side by side? This way users could try running `iceweasel-hardened` and use just `iceweasel` where needed. Or maybe using an `iceweasel` (hardened) and `iceweasel-without-privacy` where needed. A logo and a warning on installation could help make people aware of these options.

> 4) Should iceweasel/icedove-hardened be kept in [pcr] or moved back to
> [nonprism] when/if nonprism is re-defined to include hardening?

I vouch for Yes.

> I think it is the expectation of Parabola's privacy repo to provide the
> most secure/privacy respecting packages, even if that means breaking
> some features. However, for a reasonable compromise a voluntary meta
> package seems like the best option.

+1

_______________________________________________
Dev mailing list
[email protected]
https://lists.parabola.nu/mailman/listinfo/dev
