On Wed, Jan 10 2024, bug-gnuzilla--- via GNUzilla bug reports wrote: > Hi, > > I learned about Mozzarella from social media, so I missed > the official announcement of how it is curated, > i.e. automatically or manually added entries. > > Either way, I spotted ff2mpv being listed > although it is published under a non-free license: > https://raw.githubusercontent.com/woodruffw/ff2mpv/master/LICENSE > > The Firefox add-on page still shows the original Expat license though, > so Mozzarella inherit this metadata. > > I think cases like this are rare enough to not demand a web UI > to report extensions add-ons accidentally listed on Mozzarella, > but there should be a mechanism to manually remove it > from the repository to avoid misleading users into installing > proprietary software. > > BTW all Mozzarella pages have an empty <title>, which makes it difficult > to browse multiple extensions in different tabs/windows. > > Kind regards, > Phong
Hi, I think this is an issue indeed. But there is another one that is more serious: even if we remove ff2mpv from Mozzarella, all users who have it installed will have new updates pulling the non-free code forever. A possible fix would be to change the source of the add-ons, from addons.mozilla.org to Guix (e.g. file:///gnu/store/dxck0g51w8kzmzdn1nx97dsnp78jq4sv-ublock-origin-1.54.0-xpi/lib/mozilla/extensions/uBlock0.firefox.xpi). That would require us to sign our add-ons though. I don't know how feasible it is. Clément
