Quoting Jeremiah C. Foster (2019-10-25 00:23:32)
On Thu, 2019-10-24 at 19:25 +0200, Jonas Smedegaard wrote:
Quoting Jeremiah C. Foster (2019-10-24 18:40:53)
On Wed, 2019-10-23 at 13:19 +0200, Jonas Smedegaard wrote:
Quoting Jeremiah C. Foster (2019-07-29 02:33:16)
Discussion with various folks has led us to cease maintaining PureBrowser.
Did we really "cease maintaining PureBrowser" already?
No. The blocker is;
- A blog post holding the announcement of EoL for PB
- Consensus from the maintainer (that's you!) of PB that this is
what we're going to do
I'm happy to write the blog post. How do you feel ending the PB fork maintenance?
Thanks, I'd appreciate if you wrote the blog post.
Will do!
Thanks!
If I were to decide, then I would wanna end PureBrowser fork *now* before next release expected in few weeks, and expected to reintroduce Mozilla- and Google-promoting stuff currently ripped out.
Agreed. This seems like good timing.
Good.
I then recommend to prioritize that blog post, because what I hoped would be a few more weeks ended yesterday: https://lists.debian.org/debian-security-announce/2019/msg00201.html
The gist of it is "...could potentially result in the execution of arbitrary code, information disclosure, cross-site scripting or denial of service" - i.e. scary shit!
I recommend these actions:
1. Include firefox-esr from Debian into both amber and byzantium 2. Change germinate packages to include epiphany and not purebrowser 3. Drop purebrowser from both amber and byzantium 4. Tell users to *immediately* remove purebrowser from their systems, replacing instead with either epiphany or firefox-esr. 5. suggest users moving to firefox-esr to migrate by once running "firefox-esr --migrate" from command-line
Step 5 probably requires Mladen or João playing around with it to confirm it is the best way and maybe put up a guiding web page.
Step 4 depends on step 1, and step 3 probably depends on step 2.
- Jonas