I had been reluctant to use Firefox spinoffs because I had worried about their likely lack of timely bug and (especially) security fixes. But this disaster, coupled with the declining power-user-friendliness of post-XUL versions of Firefox (even ESR), sort of moot that issue for me.
P.s. Waterfox apparently is equally as Open Source as Firefox, but where is the source kept? I didn't see any obvious source download link (but I thought I saw a GitHub reference). On Mon, 6 May 2019 00:04:29 -0300 Artur Quaglio <www.art...@gmail.com> wrote: > That is one of the raisons d'etre of Waterfox. It's Firefox, but with > the power in the user's hands. > > On Sun, May 5, 2019 at 11:19 PM Paul Kosinski <mozi...@iment.com> > wrote: > > > I am appalled and dismayed by what has happened to Firefox in the > > past years. It has gone from being the obviously best browser to > > being unpleasant -- and now, sufddenly, even dangerous -- to use. > > > > We use Firefox for two main reasons, it's Open Source, which give me > > more confidence that it can be trusted, and it has the NoScript > > Add-on, which adds security to browsing sessions. > > > > What just happened with NoScript is, in my judgment, a security > > *emergency*, not a mere security bug. Security bugs in a new > > version of software can often be avoided by reverting to the > > previous version. That does not seem to apply here, as it is not a > > bug in a new version of Firefox, but a bug in the Mozilla > > infrastructure. > > > > On Saturday May 4, it was stated that Mozilla is working on a fix. > > However, my running instance of NoScript was disabled on Sunday May > > 5. This indicates that Mozilla does not view this as an emergency, > > but as an annoyance. It is hard to think of any analogs to this > > situation: it's on the order of a Windows Update that cripples the > > OS. > > > > Granted, Mozilla then published a workaround that suggested setting > > "xpinstall.signatures.required" to "false" in "about:config", but > > that hardly compensates for the fact that suddenly and without > > warning *all* Javascript is enabled in active browsing sessions, > > putting private information at risk. (And users of the Firefox > > derivative TOR might possibly even have their lives endangered.) > > > > Also, in my opinion, the requirement that Add-ons be signed by > > Mozilla is a violation of the intent of Open Source software if not > > of the details of the MPL (and other Open Source licenses). Because > > it disallows arbitrary Add-ons, it removes final control of Firefox > > from the hands of the user and places it in the hands of Mozilla. > > It also makes Firefox unsuitable for organizations which wish to > > develop proprietary Add-ons which they either do not want revealed > > to Mozilla or perhaps even are legally forbidden to reveal them. > > (And the idea that nightly builds or local builds could be used is > > usually impractical or even legally forbidden for such > > organizations.) > > > > A much better approach would be something along the lines of the way > > Firefox handles normal HTTPS certificate problems, such as expired, > > or no chain of trust. Running or installing an Add-on which is not, > > or no longer, "properly" signed should give rise to a stern > > warning, and then allow the user to proceed to use the Add-on > > temporarily or even add a permanent exception. And, since some > > organizations might not want users to run unsigned Add-ons, there > > should be a "policy" mechanism to prevent that. In conjunction with > > this, there should be a way to allow local signing of Add-ons > > private to the organization. (The Firefox or OS certificate > > mechanism must already handle this sort of thing.) > > > > P.S. The details reported in the article at > > > > https://www.zdnet.com/article/mozilla-announces-ban-on-firefox-extensions-containing-obfuscated-code/ > > suggest that Mozilla's latest policies are moving further away from > > allowing the user or organization to control their own browser -- > > all in the name of "security" of course. > > > > ---------------- > > > > On Sat, 4 May 2019 09:29:22 +0200 > > Sylvestre Ledru <sylves...@mozilla.com> wrote: > > > > > Hello, > > > > > > Le 04/05/2019 à 03:15, Stephen Carville (Mozilla List) a écrit : > > > > What the heck just happened? I was informed in the middle of a > > > > session that that No Script and Blur are no longer compatible > > > > with Firefox. Now all my add-ons except Web Developer are > > > > disabled. > > > > > > This is probably this issue > > > https://bugzilla.mozilla.org/show_bug.cgi?id=1548973 and we are > > > working on a fix. > > > > > > Sylvestre _______________________________________________ Enterprise mailing list Enterprise@mozilla.org https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to enterprise-requ...@mozilla.org with a subject of "unsubscribe"