GNU bug report logs -
#68361
Mozzarella may list non-free add-ons
Previous Next
Full log
Message #8 received at submit <at> debbugs.gnu.org (full text, mbox):
On Wed, Jan 10 2024, bug-gnuzilla--- via GNUzilla bug reports wrote:
> Hi,
>
> I learned about Mozzarella from social media, so I missed
> the official announcement of how it is curated,
> i.e. automatically or manually added entries.
>
> Either way, I spotted ff2mpv being listed
> although it is published under a non-free license:
> https://raw.githubusercontent.com/woodruffw/ff2mpv/master/LICENSE
>
> The Firefox add-on page still shows the original Expat license though,
> so Mozzarella inherit this metadata.
>
> I think cases like this are rare enough to not demand a web UI
> to report extensions add-ons accidentally listed on Mozzarella,
> but there should be a mechanism to manually remove it
> from the repository to avoid misleading users into installing
> proprietary software.
>
> BTW all Mozzarella pages have an empty <title>, which makes it difficult
> to browse multiple extensions in different tabs/windows.
>
> Kind regards,
> Phong
Hi,
I think this is an issue indeed. But there is another one that is more
serious: even if we remove ff2mpv from Mozzarella, all users who have it
installed will have new updates pulling the non-free code forever.
A possible fix would be to change the source of the add-ons, from
addons.mozilla.org to Guix
(e.g. file:///gnu/store/dxck0g51w8kzmzdn1nx97dsnp78jq4sv-ublock-origin-1.54.0-xpi/lib/mozilla/extensions/uBlock0.firefox.xpi).
That would require us to sign our add-ons though. I don't know how
feasible it is.
Clément
This bug report was last modified 1 year and 156 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.