[Dev] [consensus] Features vs. Privacy in nonprism repo

Luke g4jc at openmailbox.org
Fri Oct 14 03:30:15 GMT 2016

On 10/07/2016 10:20 AM, André Silva wrote:
> On 10/04/2016 06:02 PM, fauno wrote:
>> IMO privacy related changes to packages that don't break things should
>> be applied to any package, so +1 to backport them to [libre] and [pcr]!
> In my opinion, [nonprism] should be optional since it was created to
> remove a lot of services that uses global data surveillance programs
> like PRISM [0], XKeyscore [1] and Tempora [2] (eg. Facebook, Twitter,
> etc) from our apps (eg. nonprism version of pidgin only works with XMPP
> and IRC). I suppose there are users would use those services from our
> apps since it is not a GNU FSDG mandatory requirement to remove them.
> Otherwise, iceweasel/icedove nonprism packages have various patches to
> increase not just privacy, but yes security too (eg: iceweasel allows
> whitelisting/blacklisting domains for purposes of cookies, popups, and
> addon notifiers. With those hardening/security features, iceweasel
> nonprism version loads, these lists revert to default settings, causing
> all user-made changes to be lost [3] and a lot of websites doesn't works
> [4])
> Since it are hardening/security features like Grsecurity for our
> Linux-libre kernels, i propose:
> a) Backport **only** privacy features from iceweasel/icedove nonprism
> version created from those patches to libre ones to increase privacy but
> without break things or services.
> b) Use those hardening/security patches from iceweasel/icedove nonprism
> version and push them to new packages called iceweasel-hardening and
> icedove-hardening in [libre] as optional way for all users similar than
> our kernels (eg. linux-libre and linux-libre-grsec)
> c) Remove nonprism iceweasel/icedove packages in [nonprism] because we
> will have iceweasel-hardening and icedove-hardening and otherwise it
> will solve this consensus :P
> [0]:https://en.wikipedia.org/wiki/PRISM_(surveillance_program)
> [1]:https://en.wikipedia.org/wiki/XKeyscore
> [2]:https://en.wikipedia.org/wiki/Tempora
> [3]:https://labs.parabola.nu/issues/1113
> [4]:https://labs.parabola.nu/issues/1114
> _______________________________________________
> Dev mailing list
> Dev at lists.parabola.nu
> https://lists.parabola.nu/mailman/listinfo/dev

I just noticed that by moving the nonprism edition to to testing it
causes pacman to update to libre edition.

I additionally noticed that p_roxy settings are wiped and setting a
proxy does not work with this version_:
_icedove 1:45.4.0.deb1-1_

As it is a possible security vulnerability to those using a proxy, users
should be advised of this issue...

We also still never determined by consensus how to deal with this issue.

I think that /your-privacy/ package should encourage users to use
icedove-hardened or nonprism editions.

Consensus still needed!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20161013/1606c71d/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20161013/1606c71d/attachment.sig>

More information about the Dev mailing list