GNU bug report logs - #67512
[PATCH 0/5] Add LibreWolf

Package: guix-patches;

Reported by: Ian Eure <ian <at> retrospec.tv>

Date: Tue, 28 Nov 2023 20:12:01 UTC

Severity: normal

Tags: patch

Done: Andrew Tropin <andrew <at> trop.in>

Bug is archived. No further changes may be made.


Message #146 received at 67512 <at> debbugs.gnu.org (full text, mbox):

From: Clément Lassieur <clement <at> lassieur.org>
To: Ian Eure <ian <at> retrospec.tv>
Cc: 67512 <at> debbugs.gnu.org, Mark H Weaver <mhw <at> netris.org>,
 Liliana Marie Prikler <liliana.prikler <at> gmail.com>
Subject: Re: [bug#67512] [PATCH v4 3/4] gnu: Add wasm packages.
Date: Wed, 21 Feb 2024 03:00:43 +0100

On Sat, Feb 17 2024, Ian Eure wrote:

> Clément Lassieur <clement <at> lassieur.org> writes:
>
>> On Tue, Feb 13 2024, Ian Eure wrote:
>>
>>> D. Fold the new (gnu packages wasm) into (gnu packages librewolf). This is
>>> the only place they’re used, but it sounds like there’s desire to port some
>>> of the other firefoxen to this stuff, so probably not a good long-term
>>> option.
>>
>> Does Librewolf depend on the Wasm packages more than the other Firefox
>> based browsers?
>
> Upstream Librewolf doesn’t depend on the WASM packages more than any other
> Firefoxen.  I believe that WASM sandboxing is an optional feature for recent
> Firefox and FF-derived browsers.
>
>
> In case anyone reading this isn’t familiar: Firefox has taken some libraries
> that handle untrusted data (which are implemented in C/C++) and compiled those
> to WASM, which it runs in isolated sandboxes.  The idea being that if there’s a
> vulnerability in one of those libraries, the impact will be diminished because
> the exploit runs in an environment with very limited privileges[1].
>
>
>> My point is that if your Librewolf package is independent from the Wasm
>> packages, they can be split and reviewed independently.
>
> The Librewolf package I’m submitting depends on these WASM packages; other
> Firefox-derived browsers currently in Guix don’t (because they can’t, because
> the toolchain isn’t in Guix).
>
>
>> That would make the Librewolf review shorter and easier, and the Wasm
>> review more consistent and easy to test.  Also, adding Wasm to our
>> Firefox based browsers would be a one-shot.  (Of course it doesn't have
>> to be included in Icecat, but I think it would be great to have it in
>> ‘make-torbrowser’.)
>>
>
> I’m not sure what you mean by "adding Wasm to our Firefox based browsers would
> be a one-shot."  Are you saying you want a process like:
>
> 1a. Get wasm toolchain stuff merged.
> 1b. Get Librewolf merged without WASM sandboxing.
> 2. Update icecat, torbrowser, mullvad, and librewolf to use WASM sandboxing.

Exactly.  1b can be done after 1a, or before 1a.

And if you can explain why Mullvad Browser is not "great for daily use"
that would be great.  https://logs.guix.gnu.org/guix/2024-02-20.log

Clément




This bug report was last modified 1 year and 85 days ago.
