[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Feature request
|
From: |
bill-auger |
|
Subject: |
Re: Feature request |
|
Date: |
Wed, 19 Jun 2024 14:47:20 -0400 |
On Wed, 19 Jun 2024 08:06:49 +0200 chippy wrote:
> As in "accept JS without free software license as long as it does not
> fall into the dangerous category".
that would really go against the main principle of GNU - it would be conceding
that some non-free software is acceptable and desirable - GNU does not accept
non-free software for any reason; and free software is not necessarily "safe" -
those are very different and orthogonal properties which software can have, and
should not be conflated
all software is equally dangerous if you do not know and trust the author, or
you or a person whom you trust does not read it and understand it - there is no
way for any program to determine what is dangerous or non-dangerous; because
computers do not understand anything - even if they could, the category itself
is subjective - anything that you consider to be "dangerous", someone else may
not
librejs blocks all non-trivial scripts, unless they are licensed properly -
that is, it allows unlicensed scripts to run, only if they are so trivial that
they could not possibly be dangerous by anyone's estimation (no DOM reads, no
network access, etc)
so the best answer to the question is "yes, librejs already does that, as
best as any program reasonably can" - it really can not do more without a
person reading the source code (if it is readable - most web software is not)
and then deciding what is "dangerous" or not - that person is each user; because
the librejs maintainers can not possibly read every script that every user may
come across in the wild
On Wed, 19 Jun 2024 08:06:49 +0200 chippy wrote:
> often the JS files have random names and they change over time, so if I
> whitelist a script now it is likely that I will have to whitelist it over and
> over because of the random name changes.
that hassle is not a deficiency in librejs - it is likely that the website you
are trying to use, is trying to prevent you from blocking its scripts - you
really should not want to accept them - the annoying ones are no less
intrinsically dangerous than the ones that you can sweep under the rug quietly
if your intention is simply to run javascript on only certain websites,
regardless if it is libre or not, then a very simple way to accomplish that is
to use two different web browsers - one that can run JS and the other that can
not - then you would not need librejs