bug-gnuzilla
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-gnuzilla] GNU LibreJS won't be removed from GNU IceCat

From: Narcis Garcia
Subject: Re: [Bug-gnuzilla] GNU LibreJS won't be removed from GNU IceCat
Date: Thu, 22 Feb 2018 08:43:38 +0100 
Which is the principle for LibreJS to approve JavaScript functions
and/or files?
A license mention? A signature? A well-known functions comparison? A
code analysis? It replaces funcions?


El 22/02/18 a les 06:21, Ivan Zaigralin ha escrit:
> I think NoScript is an essential privacy+security tool with a feature set not 
> fully replicated by icecat, so including it would not hurt anyone :)
> 
> It should be considered that LibreJS, which is enabled by default, is already 
> intended to block all non-free JavaScript. So at least from the gnuzilla's 
> point of view, all non-free JavaScript is already disabled, and there seems 
> to 
> be no danger in NoScript whitelisting some unsavory domains. The same 
> consideration makes it theoretically unimportant to turn off the JavaScript 
> completely via browser config.
> 
> However, LibreJS cannot possibly detect non-free software with any kind of 
> reliability, and it is easy to argue that drive-by-downloads, which are un-
> auditable by their very nature, are non-free no matter what license is 
> attached to them. To wit, LibreJS will incorrectly mark an obfuscated piece 
> of 
> GPL-licensed code as free every time. So from the practical point of view, 
> starting out with all JavaScript disabled is the way to go.
> 
> On Wednesday, February 21, 2018 23:04:48 Julie Marchant wrote:
>> On 2018年02月21日 22:02, address@hidden wrote:
>>> Hmmm...If that'd be the case, is it well worth considering "NoScript"
>>> and "HTTPS Everywhere" as part of the default extensions suite?
>>
>> I still think shipping with JavaScript disabled entirely by default
>> would be preferable. Perhaps add an extension with a "danger button"
>> that allows all scripts on a particular page to run (like LibreJS's
>> similar option, instead of being like what NoScript does).
>>
>> Note regarding NoScript: it would have to be modified, since its default
>> settings whitelist dozens of websites serving proprietary JavaScript
>> code. Anyway, I wouldn't see much point.
>>
>> --
>> Julie Marchant
>> https://onpon4.github.io
>>
>>
>> --
>> http://gnuzilla.gnu.org
reply via email to
[Prev in Thread] Current Thread [Next in Thread]