basilisk-browser

classic Classic list List threaded Threaded
23 messages Options
12
Reply | Threaded
Open this post in threaded view
|

basilisk-browser

basti-3
Hello,
please add basilisk-browser to debian repo.
I think its an good alternative to Firefox Quantum.

More Infos here: https://www.basilisk-browser.org/

Best Regards,

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

tomas@tuxteam.de
On Thu, Oct 18, 2018 at 09:01:21AM +0200, basti wrote:
> Hello,
> please add basilisk-browser to debian repo.

Wrong list :-)

The right way to do it is to file a RFP (== "Request for Package")
bug. The Wiki [1] has more details on that.

If you (or someone else) is interested in that, there's a bit of
legwork you could do in advance:

 - Is it already packaged? (it doesn't seem so, as this search [2]
   suggests)
 - Is its license compatible with Debian's guidelines (DFSG) [3]?
 - Can you build/install it on your Debian box?

Feel free to add to this list :)

> I think its an good alternative to Firefox Quantum.
>
> More Infos here: https://www.basilisk-browser.org/

Indeed, it does look good.

Cheers

[1] https://wiki.debian.org/RFP
[2] https://packages.debian.org/search?keywords=Basilisk&searchon=names&suite=all&section=all
[3] https://www.debian.org/social_contract

-- tomas

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Reco
        Hi.

On Thu, Oct 18, 2018 at 10:02:42AM +0200, [hidden email] wrote:
> > I think its an good alternative to Firefox Quantum.
> >
> > More Infos here: https://www.basilisk-browser.org/
>
> Indeed, it does look good.

No, it does not. UXP means Palemoon Browser.
Palemoon means extremely hostile upstream - [1].

Does Debian project really needs yet another Iceweasel incident?

Reco

[1] https://github.com/jasperla/openbsd-wip/issues/86

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

tomas@tuxteam.de
On Thu, Oct 18, 2018 at 11:49:44AM +0300, Reco wrote:

> Hi.
>
> On Thu, Oct 18, 2018 at 10:02:42AM +0200, [hidden email] wrote:
> > > I think its an good alternative to Firefox Quantum.
> > >
> > > More Infos here: https://www.basilisk-browser.org/
> >
> > Indeed, it does look good.
>
> No, it does not. UXP means Palemoon Browser.
> Palemoon means extremely hostile upstream - [1].
Thanks for the link, very instructive.

That would mean (in the context of Debian) that one would have to
(a) use the Basilisk-bundled libs (generally a no-no in Debian)
or (b) use a different name & brand. Yes, we know this story with
Firefox/Iceweasel. That'd mean that the packaging effort would
be a bit... more interesting.

I think both sides have their point, and the sad part for me is
that they didn't manage to tackle the conflict in a more civil
manner. Perhaps a lesson in humility for us all.

> Does Debian project really needs yet another Iceweasel incident?

What the world needs (badly) is more browser alternatives. I'm
seeing everything converging towards the dystopia where one huge
corporation controls the server and the client. We had that, and
it wasn't pretty; nowadays with smartphones, always-on, IoT and
perhaps worse, we are far more vulnerable to that (business?) model.

Cheers
-- t

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Roberto C. Sánchez-2
On Thu, Oct 18, 2018 at 11:16:54AM +0200, [hidden email] wrote:

> On Thu, Oct 18, 2018 at 11:49:44AM +0300, Reco wrote:
> > Hi.
> >
> > On Thu, Oct 18, 2018 at 10:02:42AM +0200, [hidden email] wrote:
> > > > I think its an good alternative to Firefox Quantum.
> > > >
> > > > More Infos here: https://www.basilisk-browser.org/
> > >
> > > Indeed, it does look good.
> >
> > No, it does not. UXP means Palemoon Browser.
> > Palemoon means extremely hostile upstream - [1].
>
> Thanks for the link, very instructive.
>
Yeah, that was ... something.

> That would mean (in the context of Debian) that one would have to
> (a) use the Basilisk-bundled libs (generally a no-no in Debian)
> or (b) use a different name & brand. Yes, we know this story with
> Firefox/Iceweasel. That'd mean that the packaging effort would
> be a bit... more interesting.
>

The main distinction, however, was that in the Debian case, Mozilla
objected to the backporting of security-sepcific fixes and then
continuing to call the patched version "Firefox."  As I recall, all that
was before they started offering ESR builds, so every version of Firefox
was a quickly moving target with at most a few months of support.

Once the Firefox project started offering builds that made sense within
Debian's stable release process, the Iceweasel branding could be dropped
and builds could be included in Debian which both satisfied the needs of
patching security vulnerabilities and the upstream branding
requirements.

A project that says "you can't even change the build flags" strikes me
as not especially inclined to display the flexibility that Mozilla
eventually did.  In fact, since they are so concerned about "disastrous"
library combinations and insist on their bundled/patched versions being
used, I find it surprising that they do not specifically dictate which
compilers are authorized to create branded builds.

> I think both sides have their point, and the sad part for me is
> that they didn't manage to tackle the conflict in a more civil
> manner. Perhaps a lesson in humility for us all.
>
Sadly, this sort of conflict seems to be increasing in frequency, rather
than decreasing.  I can think of two other large projects just in the
last two or so years that have been exceptionally hostile to downstream
packagers/maintainers.  So much so that the packagers/maintainers just
gave up.

What seems to be the impediment to civility and humility is that people
tend to become very emotionally invested in their work.  That
exaggerates very minor things to the point where there is a
disproportionate reaction from one side, which thusly triggers a
disproportionate reaction from the other side.  This then results in raw
emotions, public humiliation, etc.  Once the situation escalates like
that, it is difficult to diffuse and return a reasonable and collegial
discussion where the (usually very minor) root issue can be identified
and dealt with.

> > Does Debian project really needs yet another Iceweasel incident?
>
> What the world needs (badly) is more browser alternatives. I'm
> seeing everything converging towards the dystopia where one huge
> corporation controls the server and the client. We had that, and
> it wasn't pretty; nowadays with smartphones, always-on, IoT and
> perhaps worse, we are far more vulnerable to that (business?) model.
>
I agree.  I have already begun encountering sites which behave badly in
Firefox, requiring me to switch to Chromium (and in case Chrome itself,
uggh).  I definitely do not want to return to the bad old days where
most websites had something like "Best viewed in Internet Explorer 5.5+"
on every page :-(

Regards,

-Roberto

--
Roberto C. Sánchez

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Reco
        Hi.

On Thu, Oct 18, 2018 at 08:40:51AM -0400, Roberto C. Sánchez wrote:

> > That would mean (in the context of Debian) that one would have to
> > (a) use the Basilisk-bundled libs (generally a no-no in Debian)
> > or (b) use a different name & brand. Yes, we know this story with
> > Firefox/Iceweasel. That'd mean that the packaging effort would
> > be a bit... more interesting.
>
> The main distinction, however, was that in the Debian case, Mozilla
> objected to the backporting of security-sepcific fixes and then
> continuing to call the patched version "Firefox."  As I recall, all that
> was before they started offering ESR builds, so every version of Firefox
> was a quickly moving target with at most a few months of support.

It still is, for me at least.
I miss old days where they gave me one Iceweasel version for the
duration of stable release.


> Once the Firefox project started offering builds that made sense within
> Debian's stable release process, the Iceweasel branding could be dropped
> and builds could be included in Debian which both satisfied the needs of
> patching security vulnerabilities and the upstream branding
> requirements.

If only Debian project did something about Firefox privacy settings.
Let's face it - Mozilla are hypocrites. They loudly 'care about users'
privacy', but then force their 'opt-out telemetry' on you.
Debian's Firefox build disables some of the offending settings by
default, but not all of them.
At least at Google they are honest enough to say - 'we will spy on you
and we do not give a f*** about your option'.


> A project that says "you can't even change the build flags" strikes me
> as not especially inclined to display the flexibility that Mozilla
> eventually did.

Moreover, a project is x86-only. How exactly such upstream will react to
patches that, for example, fix segfault/sigill on armhf?


> In fact, since they are so concerned about "disastrous"
> library combinations and insist on their bundled/patched versions being
> used, I find it surprising that they do not specifically dictate which
> compilers are authorized to create branded builds.

Careful, they might be reading this ;)


> > > Does Debian project really needs yet another Iceweasel incident?
> >
> > What the world needs (badly) is more browser alternatives. I'm
> > seeing everything converging towards the dystopia where one huge
> > corporation controls the server and the client. We had that, and
> > it wasn't pretty; nowadays with smartphones, always-on, IoT and
> > perhaps worse, we are far more vulnerable to that (business?) model.
> >
> I agree.  I have already begun encountering sites which behave badly in
> Firefox, requiring me to switch to Chromium (and in case Chrome itself,
> uggh).  I definitely do not want to return to the bad old days where
> most websites had something like "Best viewed in Internet Explorer 5.5+"
> on every page :-(

It's happened already. The catch there is that you need Chrome to
display that 'best viewed in' badge.

Reco

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

basti-3
On 18.10.2018 16:29, Reco wrote:
> If only Debian project did something about Firefox privacy settings.
> Let's face it - Mozilla are hypocrites. They loudly 'care about users'
> privacy', but then force their 'opt-out telemetry' on you.
> Debian's Firefox build disables some of the offending settings by
> default, but not all of them.
> At least at Google they are honest enough to say - 'we will spy on you
> and we do not give a f*** about your option'.

Perhaps Waterfox find the way into re repo.
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885405)

Waterfox differs from Firefox in a number of ways by:

    Disabling Encrypted Media Extensions (EME)
    Disabling Web Runtime
    Removing Adobe DRM
    Removing Pocket
    Removing Telemetry
    Removing data collection
    Removing startup profiling
    Allowing running of all 64-bit NPAPI plugins
    Allowing running of unsigned extensions
    Removing of Sponsored Tiles on New Tab Page
    Addition of locale selector in about:preferences > General
    Defaulting to Bing as the search engine instead of Ecosia, Google or
Yahoo![7]

(https://en.wikipedia.org/wiki/Waterfox)

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Reco
        Hi.

On Thu, Oct 18, 2018 at 04:53:19PM +0200, basti wrote:

> On 18.10.2018 16:29, Reco wrote:
> > If only Debian project did something about Firefox privacy settings.
> > Let's face it - Mozilla are hypocrites. They loudly 'care about users'
> > privacy', but then force their 'opt-out telemetry' on you.
> > Debian's Firefox build disables some of the offending settings by
> > default, but not all of them.
> > At least at Google they are honest enough to say - 'we will spy on you
> > and we do not give a f*** about your option'.
>
> Perhaps Waterfox find the way into re repo.
> (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885405)
>
> Waterfox differs from Firefox in a number of ways by:
>
>     Disabling Encrypted Media Extensions (EME)
>     Disabling Web Runtime
>     Removing Adobe DRM
>     Removing Pocket
>     Removing Telemetry
>     Removing data collection
>     Removing startup profiling
>     Allowing running of all 64-bit NPAPI plugins
>     Allowing running of unsigned extensions
>     Removing of Sponsored Tiles on New Tab Page
>     Addition of locale selector in about:preferences > General
>     Defaulting to Bing as the search engine instead of Ecosia, Google or
> Yahoo![7]
>
> (https://en.wikipedia.org/wiki/Waterfox)

Too low aim, IMO. And how exactly M$ services are better for privacy
than Google's is anyone's guess.
Tor Browser (friendly upstream included) looking better here, especially
in the light of the fact that Tor Project builds Tor Browser for Debian
stable.

Reco

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Doug
In reply to this post by Reco

On 10/18/2018 04:49 AM, Reco wrote:

> Hi.
>
> On Thu, Oct 18, 2018 at 10:02:42AM +0200, [hidden email] wrote:
>>> I think its an good alternative to Firefox Quantum.
>>>
>>> More Infos here: https://www.basilisk-browser.org/
>> Indeed, it does look good.
> No, it does not. UXP means Palemoon Browser.
> Palemoon means extremely hostile upstream - [1].
>
> Does Debian project really needs yet another Iceweasel incident?
>
> Reco
>
> [1] https://github.com/jasperla/openbsd-wip/issues/86
>
>
I would like to know what you mean by "extremely hostile upstream"--
I have been using PaleMoon Browser for several years and I like it.
Unlike Firefox, it doesn't change its stripes every few weeks. I am
happy with an app that retains its interface for years and years and
doesn't mess with my head. YMMV.
--doug

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

John Crawley (johnraff)
In reply to this post by tomas@tuxteam.de
On 18/10/2018 18.16, [hidden email] wrote:
> What the world needs (badly) is more browser alternatives. I'm
> seeing everything converging towards the dystopia where one huge
> corporation controls the server and the client. We had that, and
> it wasn't pretty; nowadays with smartphones, always-on, IoT and
> perhaps worse, we are far more vulnerable to that (business?) model.

Have to sadly agree. Corporate unification has already been accomplished
in the post-PC world of touchpads, but now on Debian we essentially have
the choice of Firefox or Chromium. Nothing else looks safe. The modern
web is so complicated that maintaining security patches for a browser is
no longer something that small teams of enthusiastic amateurs can
handle, IMO.

--
John

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Ben Finney-3
In reply to this post by Doug
Doug <[hidden email]> writes:

> On 10/18/2018 04:49 AM, Reco wrote:
> > Palemoon means extremely hostile upstream - [1].
> >
> > [1] https://github.com/jasperla/openbsd-wip/issues/86
> >
> I would like to know what you mean by "extremely hostile upstream"

Reco anticipated your wish to know, and provided a concrete example of
the hostility. Did you read the discussion at that URL?

--
 \            “[T]he great menace to progress is not ignorance but the |
  `\           illusion of knowledge.” —Daniel J. Boorstin, historian, |
_o__)                                                        1914–2004 |
Ben Finney

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Reco
In reply to this post by Doug
On Thu, Oct 18, 2018 at 07:13:20PM -0400, Doug wrote:

>
> On 10/18/2018 04:49 AM, Reco wrote:
> > Hi.
> >
> > On Thu, Oct 18, 2018 at 10:02:42AM +0200, [hidden email] wrote:
> > > > I think its an good alternative to Firefox Quantum.
> > > >
> > > > More Infos here: https://www.basilisk-browser.org/
> > > Indeed, it does look good.
> > No, it does not. UXP means Palemoon Browser.
> > Palemoon means extremely hostile upstream - [1].
> >
> > Does Debian project really needs yet another Iceweasel incident?
> >
> > Reco
> >
> > [1] https://github.com/jasperla/openbsd-wip/issues/86
> >
> >
> I would like to know what you mean by "extremely hostile upstream"--
> I have been using PaleMoon Browser for several years and I like it.

Please note that I haven't qualified the browser itself.
Using Palemoon is OK for the upstream. More users = more recognition.
If it works for you - more power to you.


> Unlike Firefox, it doesn't change its stripes every few weeks. I am
> happy with an app that retains its interface for years and years and
> doesn't mess with my head. YMMV.

But, in this particular thread Palemoon or Basilisk qualities are not
relevant, as this discussion is about the possible inclusion of these
fine browsers into Debian main archive.

And for such inclusion certain criteria must be met, and one of those
is the ability to build the browser from the source the way that
maintainer sees fit. Upstream opposes that, see the link above.

Reco

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Dominik George-7
>> > [1] https://github.com/jasperla/openbsd-wip/issues/86

Seriously? They forbid linking against libraries if their code is not shipped with their sources?

That also seems like a security nightmare in the making.

Mozilla themselves weren't even *that* ridiculous, were they?

-nik

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

mick crane
On 2018-10-19 07:58, Dominik George wrote:
>>> > [1] https://github.com/jasperla/openbsd-wip/issues/86
>
> Seriously? They forbid linking against libraries if their code is not
> shipped with their sources?
>
> That also seems like a security nightmare in the making.
>
> Mozilla themselves weren't even *that* ridiculous, were they?
>

I'm not understanding what "Official branding" refers to in that
exchange.
If anyone has the time to explain.

mick




--
Key ID    4BFEBB31

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Reco
In reply to this post by Dominik George-7
        Hi.

On Fri, Oct 19, 2018 at 08:58:07AM +0200, Dominik George wrote:
> >> > [1] https://github.com/jasperla/openbsd-wip/issues/86
>
> Seriously? They forbid linking against libraries if their code is not shipped with their sources?
>
> That also seems like a security nightmare in the making.
>
> Mozilla themselves weren't even *that* ridiculous, were they?

Ridiculous or not, but stable's firefox-esr contains their own private
version of NSS - [1]. Same for the thunderbird.
But they try to keep it sane, so at least firefox does not embed
'correct' version of GTK3, for example.

[1] https://packages.debian.org/search?searchon=contents&keywords=libsoftokn3.so&mode=exactfilename&suite=stable&arch=any

Reco

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Reco
In reply to this post by mick crane
        Hi.

On Fri, Oct 19, 2018 at 08:26:20AM +0100, mick crane wrote:

> On 2018-10-19 07:58, Dominik George wrote:
> > > > > [1] https://github.com/jasperla/openbsd-wip/issues/86
> >
> > Seriously? They forbid linking against libraries if their code is not
> > shipped with their sources?
> >
> > That also seems like a security nightmare in the making.
> >
> > Mozilla themselves weren't even *that* ridiculous, were they?
> >
>
> I'm not understanding what "Official branding" refers to in that exchange.
> If anyone has the time to explain.

It's the same as Mozilla's branding - [1].
Either you build the software the way upstream wants, or you lose the
right to call resulting software its official name (Palemoon in this
case).
Debian project was able to negotiate this with Mozilla some years ago.
In the case of Palemoon - well, OpenBSD project won't a Palemoon port in
a foreseable future.

Reco

[1] https://lwn.net/Articles/676799/

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Gene Heskett-4
In reply to this post by Ben Finney-3
On Friday 19 October 2018 00:24:43 Ben Finney wrote:

> Doug <[hidden email]> writes:
> > On 10/18/2018 04:49 AM, Reco wrote:
> > > Palemoon means extremely hostile upstream - [1].
> > >
> > > [1] https://github.com/jasperla/openbsd-wip/issues/86
> >
> > I would like to know what you mean by "extremely hostile upstream"
>
> Reco anticipated your wish to know, and provided a concrete example of
> the hostility. Did you read the discussion at that URL?

So did I, and it no longer exists on my system(s). It had worked well,
about a year ago, but no updates and it was slowly falling apart.

I did goto their site a couple months ago looking for updates, and
kindest I could say was that I went away insulted. W/o dl-ing any
updates. That license (then) wasn't gpl-v2 or later, by a heck of a long
row of apple trees. And I sure don't recall clicking thru anything like
that originally. If I did, oldtimers has officially set in. :(

--
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Gene Heskett-4
In reply to this post by mick crane
On Friday 19 October 2018 03:26:20 mick crane wrote:

> On 2018-10-19 07:58, Dominik George wrote:
> >>> > [1] https://github.com/jasperla/openbsd-wip/issues/86
> >
> > Seriously? They forbid linking against libraries if their code is
> > not shipped with their sources?
> >
> > That also seems like a security nightmare in the making.
> >
> > Mozilla themselves weren't even *that* ridiculous, were they?
>
> I'm not understanding what "Official branding" refers to in that
> exchange.
> If anyone has the time to explain.
>
> mick

I certainly have time to read it in that event.


--
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

mick crane
In reply to this post by Reco
On 2018-10-19 11:23, Reco wrote:

> Hi.
>
> On Fri, Oct 19, 2018 at 08:26:20AM +0100, mick crane wrote:
>> On 2018-10-19 07:58, Dominik George wrote:
>> > > > > [1] https://github.com/jasperla/openbsd-wip/issues/86
>> >
>> > Seriously? They forbid linking against libraries if their code is not
>> > shipped with their sources?
>> >
>> > That also seems like a security nightmare in the making.
>> >
>> > Mozilla themselves weren't even *that* ridiculous, were they?
>> >
>>
>> I'm not understanding what "Official branding" refers to in that
>> exchange.
>> If anyone has the time to explain.
>
> It's the same as Mozilla's branding - [1].
> Either you build the software the way upstream wants, or you lose the
> right to call resulting software its official name (Palemoon in this
> case).
> Debian project was able to negotiate this with Mozilla some years ago.
> In the case of Palemoon - well, OpenBSD project won't a Palemoon port
> in
> a foreseable future.
>
> Reco
>
> [1] https://lwn.net/Articles/676799/

that's what -ESR is about then

thanks

--
Key ID    4BFEBB31

Reply | Threaded
Open this post in threaded view
|

Re: basilisk-browser

Roberto C. Sánchez-2
In reply to this post by Reco
On Fri, Oct 19, 2018 at 12:28:16PM +0300, Reco wrote:
>
> Ridiculous or not, but stable's firefox-esr contains their own private
> version of NSS - [1]. Same for the thunderbird.
> But they try to keep it sane, so at least firefox does not embed
> 'correct' version of GTK3, for example.
>

That is very frustrating because there was a time when those
Mozilla-related packages used the system libnss.  Modifying the system
libnss to include an additional cetificate authority was the closest I
could get to deploying an internal CA within a network of Debian
machines (similar to how a Windows admin can push a CA to a bunch of
Windows machines via GPO).

However, they switched to bundled libnss at some point and my choices
became either rebuild each Mozilla-related package (FF, TB, etc.) or
have users manually install the CA.  Rebuilding those packages wasn't
worth the trouble.

It is really frustrating as this is one of those nagging inconveniences
(the lack of a standardized system-wide certificate store that is
actually used by all applications) of Linux that seems like it really
should have been resolved by now.

Regards,

-Roberto
--
Roberto C. Sánchez

12