[Dev] [consensus] Features vs. Privacy in nonprism repo

Tue Oct 4 04:48:32 GMT 2016

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Le lun. 3 oct. 2016 à 18:30, Luke <g4jc at openmailbox.org> a écrit :
 > - So this puts the nonprism projects at a crossroads. Do we want to 
favour accessibility and "features" over "privacy"?
 >
 > From my personal opinion, nonprism should provide security and 
privacy by default. Users can choose to opt-out of nonprism if they 
wish. This is easily done by A) not using nonprism, or B) using 
about:config and/or user.js to override the settings.
 > Meanwhile, some users have questioned why nonprism is not on by 
default[5], and I think this is a valid point from a security 
standpoint. Users may be using Parabola under the impression they       
are experiencing the safest possible defaults, and this is currently 
not the case.
[...]
 > Now that everyone is aware of the issues, please discuss. I do not 
feel [nonprism] should become "privacy-lite" and libre become "no 
protection at all".
 >
 > Luke

Agreed.

I'm for having those `nonprism` packages respect the spirit
of the repo they belong to, even if that means breaking
websites that could undermine user privacy. That's exactly
what using `nonprism` entails. The moment you start making
concessions the moment better informed users of `nonprism`
will complain that hardening isn't nearly as good as it
could be. Maybe this is a failure of communication from our
part, but I can't think of a simpler and more instructive
solution than that post-install notice. Users won't even
need to know in advance what they are doing as they activate
the repo --- and I say it with some regret ---.

I'm also for keeping default Parabola as Arch-like an
experience as permitted by the social contract. Translation:
I'd rather keep `nonprism` opt-in.

- --
Isaac David
GPG: 38D33EF29A7691134357648733466E12EC7BA943
Tox: 
0C730E0156E96E6193A1445D413557FF5F277BA969A4EA20AC9352889D3B390E77651E816F0C

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJX8zPzAAoJEDNGbhLse6lDvI4P/1m+ZZDoDsTzcGlaYmdwot5t
xkXTdNFZqPpxc58+aXqfeJfr3W3n9gI+6Ot+43GPCDE1nmtLxLZEOGkPX6FSKm9M
344ljEMaodEJ4f83UwlEayVNjHjNsGP3EeoeH6plg4F98wnNcNkp43AwoVtM4FUD
zqEQa4rPP6bNoPxqnpBJWPtZj5to1lcSvHlK7jQpSPGM7P5Lf59nWlua+HDMXX4Z
ChmTofGk4d0lpjCoIpijuY+Ro8bI/9J+ZEQbNvGbgC6wleUlkk7FKCxIs2OqipMj
tD8D7QQEWdGh3rtnJwXxb7RHGMxpBLeRJeOGM6T4DgfzDV8wMLVPotFPINQPFDnX
jCE5MkvmT3NYCEkHcBelLillu2LmVzT+eL9ae7cnI2VRt576pq9HNz2J8p5uiWbJ
9MKsq8eYrZYiOJ4dcDn0wEYRx9E9pGYhfLKMkr7RrGuuN8hwSyrwBVLLSh4KxBf/
WHN9viToINx2QBkCMJExA+nm8+ZrfNgogMLF1bUuJ2lrSrjCXbD4gC0TJkru0BFB
Bj4iCJcO+mnA33fJqCK2gzmPmNpU6qNHb+1sUaNdowUb8FJaAqbPARWcHHQZ3pVN
guEGAGUhbCO7gUSlv3KJcpQ0ZWvM5wCRRXh5GGMz+TvVE2eg84/KIKVBcy/hEVGF
YLpprMzGDdEmjCKm4j37
=XBno
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20161003/03ec2078/attachment.htm>