Re: [Bug-gnuzilla] IceCat 38.3.0 release

[Dimitris Arvanitis]

Dear Ivan,

thank you for your detailed analysis, in which you obviously put much
effort. If hope it will be awarded by a clear statement by the
maintainer where he sees the future of IceCat.

Best regards,
Dimitris


Am Mittwoch, den 14.10.2015, 16:43 -0700 schrieb Ivan Zaigralin:
> First of all, thanks for fixing the spyblock bug where custom filters
> would not work. I've got zero feedback when I reported it, so it was a
> pleasant surprise.
> 
> Get ready for another angry rant. Once again, I yell because I care,
> because I believe users must have an alternative software source to
> Mozilla, which is now not to be trusted, and icecat is pretty close to
> an optimal answer. I am a long-standing user and also a maintainer of
> the SlackBuild, which is a source-based distribution way in Slackware
> derivatives, so please take my frustrated yells as signs of <3
> 
> OK.
> 
> There is a reason, I think, why users like maestro curse at this project
> and its maintainers every now and then, and here's what I think is the
> problem. Please note I am not at all endorsing or excusing the that kind
> of trolling, but I really wish that devs would stop for a second and
> look at the likely causes of the obvious user frustration.
> 
> In my humble opinion, the priorities need an adjustment. One of the
> HIGHEST priorities for web browser users is staying on top of the
> security patches, so every time the concern for the "new features"
> results in skipped releases, the users are gnashing their teeth and
> thinking about jumping ship and just customizing the heck out of the
> stock Firefox. The official goal #1 is to produce a FREE browser, but
> this goal is in jeopardy whenever the browser falls behind, since it
> almost ENSURES that MANY users will be running non-free software such as
> viruses and trojans, and that WITHOUT even knowing.
> 
> On the technical side, I want to bring up once more what I see as a very
> mistaken move, which is the inclusion of addons. I hope to convince if
> not the devs than at least other package maintainers like me, who
> prepare icecat for distribution within a paricular OS. Starting with
> this release, I am cutting all the addons, and I strongly urge all the
> involved parties (including devs) here to do the same. I am doing this
> precisely to improve the user experience and to make icecat and its
> signature addons more popular, and here are some reasons why including
> addons is a REALLY BAD idea.
> 
> (1) Since gnuzilla does not test addons and occasionally gives silent
> treatment to bug reports in addons, including the ones produced
> in-house, it should not distribute them. A common pattern seems to be
> when users install icecat, they immediately run into an addon bug, and
> give up. Here's my experience with a 38.3.0 and a VIRGIN profile:
> duckduckgo does not work, asks to turn on javascript. I check settings,
> javascript is on. This is already a show-stopping bug. I check LibreJS
> (and how would a NEW user know that?), enable all that page, it reloads
> and... still DOES NOT WORK, it's blank. I check librejs again,
> everything is enabled. I try google maps, and the outcome is exactly the
> same. Yes, maestro is a troll, but I think his emotional state is a
> perfectly predictable consequence of the browser JUST NOT WORKING.
> 
> (2) Addons were intended to receive security updates independently from
> the browser or the OS, but when we package icecat into GNU/Linux
> distributions, the pre-added addons end up in the distro channel, so
> they update only when users get around updating the OS. This is
> suboptimal. The only addons which belong in the OS channel are the
> OS-related addons, such as "Ubuntu Integration" or whatnot. Everything
> else must go. Then there are users who get icecat directly from
> gnuzilla, and they get addon updates only when they get around updating
> the browser, which is slightly less bad. But the lazy release schedule,
> which seems to be the norm, confounds this problem a lot.
> 
> (3) Why does gnuzilla think they know best about which addons user
> should run? What if I want to run a different fork of adblock, not the
> spyblock? Not many users know these forks are INCOMPATIBLE, so
> installing a different blocker will break things. In effect, gnuzilla is
> forcing its users to maintain gnuzilla's faulty package, as if users
> didn't waste enough time maintaining addons they themselves installed.
> 
> (3.1) Forgive me for being blunt, but whose bright idea was it to
> distribute blocklists along with spyblock? Do you realize you are
> censoring the web without asking for explicit consent? Notice that good
> adblockers (the addons themselves) do not do that, because USERS are the
> only ones in the position to decide what is an unwanted ad. They offer a
> choice of blocklists upon install, and taking this step out is meddling
> edging on censorship.
> 
> (3.2) LibreJS in particular is basically nagware. Ostensibly, it should
> help users to nag at web designers, but all it actually accomplishes is
> nagging the users. As I explained before, it is 0% effective, since it
> cannot possibly check whether javascript code is free. The only good way
> to check that is to (a) authenticate the script source (b) check it
> against the list of authorized free software sources. What makes THAT
> script likely to be free is the tendency of users to put their trust in
> ethical software sources such as FSF, Trisquel, FreeSlakc, etc. The
> presence of a license boilerplate has not a JACK to do with ANYTHING,
> and I frankly cannot believe this useless addon is still being bundled.
> 
> So here is a specific proposal:
> 
> (i) All currently bundled addons should go into the common directory,
> none should be installed by default. Until this is done, the browser
> will be bloated and unstable, and curses will fly thick. This will also
> free the devs' hands to work on the long-neglected goal of making new
> releases prompt and secure.
> 
> (ii) Even in the addon directory, no adblocker should be bundled with
> blocklists.
> 
> (iii) The free addon directory which shows up at about:addons should
> contain a simple "get started" list saying which addons are essential
> for user freedom and why, and (IMHO) this list should omit LibreJS until
> it's shown to do something useful.
> 
> On 10/12/2015 09:05 PM, Rubén Rodríguez wrote:
> > GNUzilla is the GNU version of the Mozilla suite, and GNU IceCat is the
> > GNU version of the Firefox browser. Its main advantage is an ethical
> > one: it is entirely free software. While the Firefox source code from
> > the Mozilla project is free software, they distribute and recommend
> > non-free software as plug-ins and addons. Also their trademark license
> > restricts distribution in several ways incompatible with freedom 0.
> > https://www.gnu.org/software/gnuzilla/
> > 
> > The user manual pages are at http://libreplanet.org/wiki/Group:IceCat/
> > You can contribute by joining the wiki and editing the manuals.
> > 
> > Source tarballs, binaries for generic GNU/Linux systems and translations
> > are available at http://ftp.gnu.org/gnu/gnuzilla/38.3.0/
> > GPG key ID:D7E04784 GNU IceCat releases
> > Fingerprint: A573 69A8 BABC 2542 B5A0  368C 3C76 EED7 D7E0 4784
> > https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=gnuzilla
> > 
> > This is a major release upgrade following the Extended Support Release
> > upstream cycle, moving from v31.x-ESR to v38.x-ESR. All the features in
> > previous releases have been preserved, along with extra polish and
> > improvements in privacy.
> > 
> > == Changes since v31.8.0-gnu2 ==
> >  * Rebased to v38.x
> >  * Updated to v38.3.0ESR
> >  * LibreJS updated to 6.0.10.20150620
> >  * HTTPS-Everywhere updated to 5.1.1
> >  * HTML5 Video Everywhere updated to 0.3.3
> >  * Added more privacy settings and crypto hardening
> >   - Disabled battery handling in dom
> >   - Disabled sensor handling in dom
> >   - Disable face detection and autofocus controls
> >   - Disabled DNS prefetch
> >   - Disabled ssl/tls protocols that are useless or too weak
> > 
> > 
> > 
> > --
> > http://gnuzilla.gnu.org
> > 
> 
> --
> http://gnuzilla.gnu.org

signature.asc
Description: This is a digitally signed message part