[PureOS] Bits from PureOS | Sharks!

Jonas Smedegaard jonas.smedegaard at puri.sm
Fri Oct 25 03:27:26 PDT 2019 

Quoting Jeremiah C. Foster (2019-10-25 00:23:32)
> On Thu, 2019-10-24 at 19:25 +0200, Jonas Smedegaard wrote:
> > Quoting Jeremiah C. Foster (2019-10-24 18:40:53)
> > > On Wed, 2019-10-23 at 13:19 +0200, Jonas Smedegaard wrote:
> > > > Quoting Jeremiah C. Foster (2019-07-29 02:33:16)
> > > > > Discussion with various folks has led us to cease maintaining 
> > > > > PureBrowser.
> > > > 
> > > > Did we really "cease maintaining PureBrowser" already?
> > > 
> > > No. The blocker is;
> > > 
> > > 1. A blog post holding the announcement of EoL for PB
> > > 2. Consensus from the maintainer (that's you!) of PB that this is
> > > what 
> > > we're going to do
> > > 
> > > I'm happy to write the blog post. How do you feel ending the PB
> > > fork
> > > maintenance?
> > 
> > Thanks, I'd appreciate if you wrote the blog post.
> 
> Will do!

Thanks!

> > If I were to decide, then I would wanna end PureBrowser fork *now* 
> > before next release expected in few weeks, and expected to
> > reintroduce 
> > Mozilla- and Google-promoting stuff currently ripped out.
> 
> Agreed. This seems like good timing.

Good.

I then recommend to prioritize that blog post, because what I hoped 
would be a few more weeks ended yesterday: 
https://lists.debian.org/debian-security-announce/2019/msg00201.html

The gist of it is "...could potentially result in the execution of 
arbitrary code, information disclosure, cross-site scripting or denial 
of service" - i.e. scary shit!

I recommend these actions:

 1. Include firefox-esr from Debian into both amber and byzantium
 2. Change germinate packages to include epiphany and not purebrowser
 3. Drop purebrowser from both amber and byzantium
 4. Tell users to *immediately* remove purebrowser from their systems,
    replacing instead with either epiphany or firefox-esr.
 5. suggest users moving to firefox-esr to migrate by once running
    "firefox-esr --migrate" from command-line

Step 5 probably requires Mladen or João playing around with it to 
confirm it is the best way and maybe put up a guiding web page.

Step 4 depends on step 1, and step 3 probably depends on step 2.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: signature
URL: <http://lists.puri.sm/pipermail/pureos-project/attachments/20191025/d19f2c6a/attachment.sig>

More information about the PureOS-project mailing list