On Wed, Jan 10 2024, Clément Lassieur wrote: > On Wed, Jan 10 2024, bug-gnuzilla--- via GNUzilla bug reports wrote: > >> Hi, >> >> I learned about Mozzarella from social media, so I missed >> the official announcement of how it is curated, >> i.e. automatically or manually added entries. >> >> Either way, I spotted ff2mpv being listed >> although it is published under a non-free license: >> https://raw.githubusercontent.com/woodruffw/ff2mpv/master/LICENSE >> >> The Firefox add-on page still shows the original Expat license though, >> so Mozzarella inherit this metadata. >> >> I think cases like this are rare enough to not demand a web UI >> to report extensions add-ons accidentally listed on Mozzarella, >> but there should be a mechanism to manually remove it >> from the repository to avoid misleading users into installing >> proprietary software. >> >> BTW all Mozzarella pages have an empty <title>, which makes it difficult >> to browse multiple extensions in different tabs/windows. >> >> Kind regards, >> Phong > > Hi, > > I think this is an issue indeed. But there is another one that is more > serious: even if we remove ff2mpv from Mozzarella, all users who have it > installed will have new updates pulling the non-free code forever. > > A possible fix would be to change the source of the add-ons, from > addons.mozilla.org to Guix > (e.g. > file:///gnu/store/dxck0g51w8kzmzdn1nx97dsnp78jq4sv-ublock-origin-1.54.0-xpi/lib/mozilla/extensions/uBlock0.firefox.xpi).
Sorry my link is wrong. That would be https://bordeaux.guix.gnu.org/nar/lzip/dxck0g51w8kzmzdn1nx97dsnp78jq4sv-ublock-origin-1.54.0-xpi. But it wouldn't work right away anyway because the format is not correct. > That would require us to sign our add-ons though. I don't know how > feasible it is. > > Clément
