From: Leo Famulari <leo@famulari.name>
To: "Jorge P. de Morais Neto" <jorge+list@disroot.org>
Cc: 49029@debbugs.gnu.org
Subject: bug#49029: ungoogled-chromium failed to disable malware extension The Great Suspender
Date: Wed, 16 Jun 2021 12:31:20 -0400 [thread overview]
Message-ID: <YMonWL1HpXfV8r+6@jasmine.lan> (raw)
In-Reply-To: <87czsndpxb.fsf@disroot.org>
On Tue, Jun 15, 2021 at 01:59:44PM -0300, Jorge P. de Morais Neto wrote:
> I can accept a reasonable trade-off, but I still believe this should be
> actively communicated to users. It is not obvious. If had known that
> before, I would certainly have been more careful with extensions.
> Indeed, now that I know, I have not only deleted my old
> (ungoogled-)Chromium profile, but also, on the new profile, I installed
> only HTTPS Everywhere and Privacy Badger extensions. I have also
> changed an important password that I remember having used on the
> malware-infected Chromium.
That trade-off applies for everything we package: in general, Guix
packages will be less up to date than what upstream offers, and thus
probabilistically more buggy and, based on your threat model, they may
be "less secure". It's the same for any distro.
But, the situation is exacerbated for Chromium, which is developed very
rapidly and has the most complete and advanced security posture of
probably any program in use right now. I guess that's what hundreds of
billions of dollars in annual revenue can buy.
Chromium, and web browsers in general, also have the most dire security
exposure, because most computer users do *everything* in their browser,
and because they are used to interact with untrusted data (the
internet). Chrome / Chromium is the "juiciest" target for attackers.
next prev parent reply other threads:[~2021-06-16 16:40 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-14 21:29 bug#49029: ungoogled-chromium failed to disable malware extension The Great Suspender Jorge P. de Morais Neto via Bug reports for GNU Guix
2021-06-15 13:49 ` Leo Famulari
2021-06-15 14:40 ` Leo Prikler
2021-06-15 16:59 ` Jorge P. de Morais Neto via Bug reports for GNU Guix
2021-06-16 16:31 ` Leo Famulari [this message]
2021-06-16 16:33 ` Leo Famulari
2021-06-16 21:09 ` Marius Bakke
2021-06-16 22:17 ` Jorge P. de Morais Neto via Bug reports for GNU Guix
2022-01-04 4:55 ` Maxim Cournoyer
2022-01-06 11:34 ` Jorge P. de Morais Neto via Bug reports for GNU Guix
2022-01-06 13:46 ` Maxim Cournoyer
2022-01-07 0:09 ` Jorge P. de Morais Neto via Bug reports for GNU Guix
2022-01-07 18:09 ` Maxim Cournoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YMonWL1HpXfV8r+6@jasmine.lan \
--to=leo@famulari.name \
--cc=49029@debbugs.gnu.org \
--cc=jorge+list@disroot.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).