On Mon, 2017-12-18 at 12:34 -0600, Chris Adams wrote:
> Once upon a time, Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> said:
> > As part of a tie-in with an American TV show, Mozilla thought it'd be a
> > great idea to silently install a cryptically-named addon in all(?)
> > Firefox deployments. Which can't be turned off.
>
> I thought that this was actually a violation of the packaging policies,
> but I can't seem to find it now; I only see the restriction on software
> that requires downloads to be useful.

IIRC there used to be a stricter policy that was relaxed as it had
become kinda untenable with the widespread acceptance of addons and
extensions for things like browsers and desktops. I could be wrong,
though.

> I think simply requiring Mozilla
> to change their policies is unacceptable, as this still depends on a
> third party to properly enforce such policies (and not have any security
> issue that could result in untrusted addons being installed).

Well, practically speaking we do have to have *some* degree of trust in
our suppliers for apps as large and complex as a web browser or, say,
an office app. Let's face it, practically speaking we're not really
equipped to handle an adversarial relationship there. Even if we say
"we're going to patch out this mechanism", that only really works if we
trust the vendor at least to the degree that we don't believe they'd
insert a harder-to-detect back channel to do the same thing, because
practically speaking we just don't have the resources to audit the
entire Firefox codebase (or even audit changes from some point in time
we consider 'trustworthy' onwards) to ensure they haven't done this.

> IMHO such behavior needs to be disabled by default in any packages
> shipped by Fedora for Fedora to remain a trustworthy distribution. Are
> there any other packages that can silently download and run non-Fedora
> code?

I dunno about 'silently', but there are certainly other cases of this,
yes. GNOME Software can install GNOME Shell extensions (which are code,
and can do anything with the privileges of the user account running the
shell) from a non-Fedora source (extensions.gnome.org), for instance.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net