On Sun, Aug 15, 2010 at 8:31 PM, Bruno Wolff III <bruno@xxxxxxxx> wrote: > On Sun, Aug 15, 2010 at 16:44:29 -0700, > Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> wrote: >> On Mon, 2010-08-16 at 01:15 +0200, Kevin Kofler wrote: >> > Some web sites are indeed abusing JavaScript. >> >> > A web site is >> > not and should not be an application, an application is not and should not >> > be a web site. >> >> Just because you said so? Web applications bring enormous practical >> benefits to their users and administrators. > > My view is that they show only be used for applications when that application > is going to be used by someone with a trust relationship to the application > provider. For example when using Peoplesoft at work it makes sense, since > I trust my employer to not be trying to hack my work desktop. > > I think using javascript for pages meant to be used by the general public > is a bad idea. It encourages people who don't know better to enable > javascript for general browsing, which signifcantly increases the risks > to them for having credentials stolen or their desktop hacked. > > Instead things should be done server side, with style sheets or xforms. I don't think I'm going out on a limb in saying that limiting or handicapping javascript in the stock install is a non-starter. There are websites which make some use of javascript which are free software through and through. Even if your motivation is purely promoting free tools even breaking one of these would not be a good deal. As I understand it one of the Mozilla approved ways for integrators to change the default Firefox experience is through add-ons. There are a number of firefox addons which increase safety and privacy— tools like noscript, adblock, https-everywhere. (I was about to include ghostery in this list, but I see that it's not free software :( ). Including some of these addons in the default install may improve the security posture of fedora users and increase awareness of web-safety without wading into non-starter proposals like removing javascript. Moreover, by including these by default fedora would reduce the amount user conditioning for installing addons manually from assorted sources as firefox add-ons can be pretty horrific from a security and software freedom perspective as they can and do ship arbitrary binary code. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
