unofficial mirror of bug-guix@gnu.org 
From: Leo Famulari <leo@famulari.name>
To: 49029@debbugs.gnu.org
Subject: bug#49029: ungoogled-chromium failed to disable malware extension The Great Suspender
Date: Tue, 15 Jun 2021 09:49:43 -0400
Message-ID: <YMiv99V9CoQ3cThr@jasmine.lan>
In-Reply-To: <87k0mwdtk0.fsf@disroot.org>

On Mon, Jun 14, 2021 at 06:29:03PM -0300, Jorge P. de Morais Neto via Bug reports for GNU Guix wrote:
> Hi.  I use Guix atop Debian¹ testing (currently bullseye).
> 
> I normally browse the web on GNU IceCat and sometimes Firefox and
> Emacs EWW.  I only use (ungoogled-)chromium for the rare websites that
> don't work on the other browsers.  Long ago I installed in Chromium the
> extension The Great Suspender, and only today (months after G$$gle
> Chrome, according to news articles) did my Chromium disable it for
> having malware.  And the only Chromium that did that for me was
> Debian's.
> 
> So, I hypothesize that the ungoogling process has disabled Chromium's
> ability to automatically disable malware extensions.  If true, that is a
> serious defect of ungoogled-chromium and Guix should make sure that
> users at least know about it.  There could be a warning in the Guix
> package description *and* on the browser's start page.

Chromium is a program that is meant to be "evergreen". Version numbers
are not highlighted to the user and the software is supposed to update
itself, quickly and often. It's like a "rolling release" just for that
program.

A variant of the package that blocks communication to Google and
requires one of us to update it is, if you trust the Chromium team,
categorically less up-to-date than a "normal Chromium" downloaded
directly from chromium.org, and thus also less "secure", as you've seen.

I don't know exactly how the "disable malware extensions" mechanism
works, but it's likely that the "ungoogling" disables the possibility
that it can happen quickly, outside of full program updates.

It's a tradeoff we (have to?) make to offer a variant of Chromium that
is judged acceptable by us under the Free System Distribution
Guidelines, which Guix follows:

https://www.gnu.org/distros/free-system-distribution-guidelines.en.html

Personally I use the "regular" variants of browsers, that talk directly
to the "motherships" of Google and Mozilla, for that reason.

By the way, the Debian testing branch is the last to receive security
updates, and in general has no guarantee of fast security updates. If
you want to use a Debian with more up-to-date software than the stable
branch and also are concerned about your security, you might consider
using Debian sid.



