[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#68361: Mozzarella may list non-free add-ons
From: |
Clément Lassieur |
Subject: |
bug#68361: Mozzarella may list non-free add-ons |
Date: |
Wed, 10 Jan 2024 17:44:54 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) |
On Wed, Jan 10 2024, bug-gnuzilla--- via GNUzilla bug reports wrote:
> Hi,
>
> I learned about Mozzarella from social media, so I missed
> the official announcement of how it is curated,
> i.e. automatically or manually added entries.
>
> Either way, I spotted ff2mpv being listed
> although it is published under a non-free license:
> https://raw.githubusercontent.com/woodruffw/ff2mpv/master/LICENSE
>
> The Firefox add-on page still shows the original Expat license though,
> so Mozzarella inherit this metadata.
>
> I think cases like this are rare enough to not demand a web UI
> to report extensions add-ons accidentally listed on Mozzarella,
> but there should be a mechanism to manually remove it
> from the repository to avoid misleading users into installing
> proprietary software.
>
> BTW all Mozzarella pages have an empty <title>, which makes it difficult
> to browse multiple extensions in different tabs/windows.
>
> Kind regards,
> Phong
Hi,
I think this is an issue indeed. But there is another one that is more
serious: even if we remove ff2mpv from Mozzarella, all users who have it
installed will have new updates pulling the non-free code forever.
A possible fix would be to change the source of the add-ons, from
addons.mozilla.org to Guix
(e.g.
file:///gnu/store/dxck0g51w8kzmzdn1nx97dsnp78jq4sv-ublock-origin-1.54.0-xpi/lib/mozilla/extensions/uBlock0.firefox.xpi).
That would require us to sign our add-ons though. I don't know how
feasible it is.
Clément