<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 10/07/2016 10:20 AM, André Silva
wrote:<br>
</div>
<blockquote
cite="mid:ae19c93b-46c5-dd2d-be24-eb1fc8f61b58@riseup.net"
type="cite">
<pre wrap="">On 10/04/2016 06:02 PM, fauno wrote:
</pre>
<blockquote type="cite">
<pre wrap="">IMO privacy related changes to packages that don't break things should
be applied to any package, so +1 to backport them to [libre] and [pcr]!
</pre>
</blockquote>
<pre wrap="">
In my opinion, [nonprism] should be optional since it was created to
remove a lot of services that uses global data surveillance programs
like PRISM [0], XKeyscore [1] and Tempora [2] (eg. Facebook, Twitter,
etc) from our apps (eg. nonprism version of pidgin only works with XMPP
and IRC). I suppose there are users would use those services from our
apps since it is not a GNU FSDG mandatory requirement to remove them.
Otherwise, iceweasel/icedove nonprism packages have various patches to
increase not just privacy, but yes security too (eg: iceweasel allows
whitelisting/blacklisting domains for purposes of cookies, popups, and
addon notifiers. With those hardening/security features, iceweasel
nonprism version loads, these lists revert to default settings, causing
all user-made changes to be lost [3] and a lot of websites doesn't works
[4])
Since it are hardening/security features like Grsecurity for our
Linux-libre kernels, i propose:
a) Backport **only** privacy features from iceweasel/icedove nonprism
version created from those patches to libre ones to increase privacy but
without break things or services.
b) Use those hardening/security patches from iceweasel/icedove nonprism
version and push them to new packages called iceweasel-hardening and
icedove-hardening in [libre] as optional way for all users similar than
our kernels (eg. linux-libre and linux-libre-grsec)
c) Remove nonprism iceweasel/icedove packages in [nonprism] because we
will have iceweasel-hardening and icedove-hardening and otherwise it
will solve this consensus :P
[0]:<a class="moz-txt-link-freetext" href="https://en.wikipedia.org/wiki/PRISM_(surveillance_program)">https://en.wikipedia.org/wiki/PRISM_(surveillance_program)</a>
[1]:<a class="moz-txt-link-freetext" href="https://en.wikipedia.org/wiki/XKeyscore">https://en.wikipedia.org/wiki/XKeyscore</a>
[2]:<a class="moz-txt-link-freetext" href="https://en.wikipedia.org/wiki/Tempora">https://en.wikipedia.org/wiki/Tempora</a>
[3]:<a class="moz-txt-link-freetext" href="https://labs.parabola.nu/issues/1113">https://labs.parabola.nu/issues/1113</a>
[4]:<a class="moz-txt-link-freetext" href="https://labs.parabola.nu/issues/1114">https://labs.parabola.nu/issues/1114</a>
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Dev mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Dev@lists.parabola.nu">Dev@lists.parabola.nu</a>
<a class="moz-txt-link-freetext" href="https://lists.parabola.nu/mailman/listinfo/dev">https://lists.parabola.nu/mailman/listinfo/dev</a>
</pre>
</blockquote>
<p><br>
I just noticed that by moving the nonprism edition to to testing
it causes pacman to update to libre edition.<br>
</p>
<p>I additionally noticed that p<u>roxy settings are wiped and
setting a proxy does not work with this version</u>:<br>
<u>icedove 1:45.4.0.deb1-1</u></p>
<p>As it is a possible security vulnerability to those using a
proxy, users should be advised of this issue...</p>
<p>We also still never determined by consensus how to deal with this
issue. <br>
</p>
<p>I think that <i>your-privacy</i> package should encourage users
to use icedove-hardened or nonprism editions.<br>
</p>
<p>Consensus still needed!<br>
</p>
</body>
</html>