https://github.com/MrAlex94/Waterfox
On 07/05/19 08:18, Paul Kosinski wrote: > I had been reluctant to use Firefox spinoffs because I had worried > about their likely lack of timely bug and (especially) security fixes. > But this disaster, coupled with the declining power-user-friendliness of > post-XUL versions of Firefox (even ESR), sort of moot that issue for me. > > P.s. Waterfox apparently is equally as Open Source as Firefox, but where > is the source kept? I didn't see any obvious source download link (but > I thought I saw a GitHub reference). > > > On Mon, 6 May 2019 00:04:29 -0300 > Artur Quaglio <[email protected]> wrote: > >> That is one of the raisons d'etre of Waterfox. It's Firefox, but with >> the power in the user's hands. >> >> On Sun, May 5, 2019 at 11:19 PM Paul Kosinski <[email protected]> >> wrote: >> >>> I am appalled and dismayed by what has happened to Firefox in the >>> past years. It has gone from being the obviously best browser to >>> being unpleasant -- and now, sufddenly, even dangerous -- to use. >>> >>> We use Firefox for two main reasons, it's Open Source, which give me >>> more confidence that it can be trusted, and it has the NoScript >>> Add-on, which adds security to browsing sessions. >>> >>> What just happened with NoScript is, in my judgment, a security >>> *emergency*, not a mere security bug. Security bugs in a new >>> version of software can often be avoided by reverting to the >>> previous version. That does not seem to apply here, as it is not a >>> bug in a new version of Firefox, but a bug in the Mozilla >>> infrastructure. >>> >>> On Saturday May 4, it was stated that Mozilla is working on a fix. >>> However, my running instance of NoScript was disabled on Sunday May >>> 5. This indicates that Mozilla does not view this as an emergency, >>> but as an annoyance. It is hard to think of any analogs to this >>> situation: it's on the order of a Windows Update that cripples the >>> OS. >>> >>> Granted, Mozilla then published a workaround that suggested setting >>> "xpinstall.signatures.required" to "false" in "about:config", but >>> that hardly compensates for the fact that suddenly and without >>> warning *all* Javascript is enabled in active browsing sessions, >>> putting private information at risk. (And users of the Firefox >>> derivative TOR might possibly even have their lives endangered.) >>> >>> Also, in my opinion, the requirement that Add-ons be signed by >>> Mozilla is a violation of the intent of Open Source software if not >>> of the details of the MPL (and other Open Source licenses). Because >>> it disallows arbitrary Add-ons, it removes final control of Firefox >>> from the hands of the user and places it in the hands of Mozilla. >>> It also makes Firefox unsuitable for organizations which wish to >>> develop proprietary Add-ons which they either do not want revealed >>> to Mozilla or perhaps even are legally forbidden to reveal them. >>> (And the idea that nightly builds or local builds could be used is >>> usually impractical or even legally forbidden for such >>> organizations.) >>> >>> A much better approach would be something along the lines of the way >>> Firefox handles normal HTTPS certificate problems, such as expired, >>> or no chain of trust. Running or installing an Add-on which is not, >>> or no longer, "properly" signed should give rise to a stern >>> warning, and then allow the user to proceed to use the Add-on >>> temporarily or even add a permanent exception. And, since some >>> organizations might not want users to run unsigned Add-ons, there >>> should be a "policy" mechanism to prevent that. In conjunction with >>> this, there should be a way to allow local signing of Add-ons >>> private to the organization. (The Firefox or OS certificate >>> mechanism must already handle this sort of thing.) >>> >>> P.S. The details reported in the article at >>> >>> https://www.zdnet.com/article/mozilla-announces-ban-on-firefox-extensions-containing-obfuscated-code/ >>> suggest that Mozilla's latest policies are moving further away from >>> allowing the user or organization to control their own browser -- >>> all in the name of "security" of course. >>> >>> ---------------- >>> >>> On Sat, 4 May 2019 09:29:22 +0200 >>> Sylvestre Ledru <[email protected]> wrote: >>> >>>> Hello, >>>> >>>> Le 04/05/2019 à 03:15, Stephen Carville (Mozilla List) a écrit : >>>>> What the heck just happened? I was informed in the middle of a >>>>> session that that No Script and Blur are no longer compatible >>>>> with Firefox. Now all my add-ons except Web Developer are >>>>> disabled. >>>> >>>> This is probably this issue >>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1548973 and we are >>>> working on a fix. >>>> >>>> Sylvestre > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe" > -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 _______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
