Subject: bug#49029: ungoogled-chromium failed to disable malware extension The Great Suspender
From: Leo Famulari
Date: Tue, 15 Jun 2021 09:49:43 -0400
To: 49029@debbugs.gnu.org
In-Reply-To: <87k0mwdtk0.fsf@disroot.org>

On Mon, Jun 14, 2021 at 06:29:03PM -0300, Jorge P. de Morais Neto via Bug reports for GNU Guix wrote:
> Hi. I use Guix atop Debian¹ testing (currently bullseye).
>
> I normally browse the web on GNU IceCat and sometimes Firefox and
> Emacs EWW. I only use (ungoogled-)chromium for the rare websites that
> don't work on the other browsers. Long ago I installed in Chromium the
> extension The Great Suspender, and only today (months after G$$gle
> Chrome, according to news articles) did my Chromium disable it for
> having malware. And the only Chromium that did that for me was
> Debian's.
>
> So, I hypothesize that the ungoogling process has disabled Chromium's
> ability to automatically disable malware extensions. If true, that is a
> serious defect of ungoogled-chromium and Guix should make sure that
> users at least know about it. There could be a warning in the Guix
> package description *and* on the browser's start page.

Chromium is a program that is meant to be "evergreen". Version numbers are not highlighted to the user and the software is supposed to update itself, quickly and often. It's like a "rolling release" just for that program.

A variant of the package that blocks communication to Google and requires one of us to update it is, if you trust the Chromium team, categorically less up-to-date than a "normal Chromium" downloaded directly from chromium.org, and thus also less "secure", as you've seen.

I don't know exactly how the "disable malware extensions" mechanism works, but it's likely that the "ungoogling" disables the possibility that it can happen quickly, outside of full program updates.

It's a tradeoff we (have to?) make to offer a variant of Chromium that is judged acceptable by us under the Free System Distribution Guidelines, which Guix follows:

https://www.gnu.org/distros/free-system-distribution-guidelines.en.html

Personally I use the "regular" variants of browsers, that talk directly to the "motherships" of Google and Mozilla, for that reason.

By the way, the Debian testing branch is the last to receive security updates, and in general has no guarantee of fast security updates. If you want to use a Debian with more up-to-date software than the stable branch and also are concerned about your security, you might consider using Debian sid.