On Thu, 11 Oct 2018, Ben Caradoc-Davies wrote:
> On 11/10/2018 11:36, bw wrote:
> > On Thu, 11 Oct 2018, Ben Caradoc-Davies wrote:
> > > On 11/10/2018 11:15, bw wrote:
> > > > How exactly do you think stretch users should run an adblocker when all
> > > > the xul-ext-* extensions are now broken?
> > > I see that there is a webext-ublock-origin for sid but I have never used
> > > it:
> > > https://packages.debian.org/sid/web/webext-ublock-origin
> > p.s. and I use stable, because it is stable, not sid, which is unstable.
> > thanks anyway but I think your advice is a little dubious.
>
> My point is not that you should use unstable, but that the evidence on sid
> suggests that webext-* packages are coming to stable ... when stable is called
> buster. I did not see any webext-* packages in stretch-backports. The
> workaround is to install them directly from upstream via Firefox.
>
> I agree that it is sad that Firefox on stretch has been upgraded to break the
> xul-ext-* packages before webext-* packages are available. Unfortunately
> Debian is wedged between upstream dropping support for xul-ext-* extensions in
> ESR 60 and the end of life of ESR 52. You do want security patches, don't you?
> I think that ESR 60 with unpackaged extensions is the lesser evil. Normal
> service will likely be resumed in buster.
>
> Kind regards,
>
> --
> Ben Caradoc-Davies <b...@transient.nz>
> Director
> Transient Software Limited <https://transient.nz/>
> New Zealand
>
>
I agree with this opinion, and also what Dan Ritter replied. Firefox is
now unreliable on stretch and should be avoided. Security updates to a
browser that crashes with strange processes named "Web Content" aren't
really all that secure are they?
Why not just remove the package from stretch if it is insecure, or since
it relies on pkgs from outside the repo, should it be moved to "contrib"
until buster is released and we have working extensions?