On 7/3/23 17:18, Demi Marie Obenour wrote:
Fair. I wonder how much of that memory use would go away if instead of
using Firefox, the web content ran in an embedded WebKitGTK+ webview.
Browser security is not a concern here because in this case the web
content is trusted, and this would also allow using WebKitGTK+’s URL
redirection features instead of HTTP over localhost.
Funnily enough it was switched explicitly from webkitgtk to Firefox for
a reason I forget; I think it was related to disk size. Perhaps Martin
or Jiri has more details to share on that.
> That said, I do want to check that the new Anaconda installer and all
> of its transitive dependencies will be built from source on Fedora
> infrastructure. That means _actual_ sources as found in the SCM
> repository, not the minified blobs one finds on NPM. Web stuff has
> historically been extremely packaging-unfriendly for this reason, and
> the Node ecosystem has a long history of supply-chain attacks. Using
> a React-based UI should mean finding the original source code to all
> of the transitive NPM dependencies, then rebuilding all of them on
> Fedora infrastructure.
As far as I know cockpit builds (don't know where) all its dependencies
and ships them as part of their package but I could be very wrong on
this. You could take a look there or direct questions about it there.
The Anaconda WebUI is implemented "in" cockpit.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
