On Thu, Oct 10, 2024 at 08:52:13PM +0000, Michael Kjörling wrote: > On 10 Oct 2024 20:47 +0200, from tomas@tuxteam.de: > >>> ...however, Flatpak works fine on Debian and is a pretty neat way of > >>> getting very fresh versions of certain selected pieces of software, like > >>> Firefox (official Mozilla channel, released without any delay) > >> > >> These days, Mozilla also offers a true Debian repository. > > > > I don't really trust Mozilla that much anymore. I use it because > > the alternatives are even worse, > > https://michael.kjorling.se/blog/2024/staying-with-firefox-for-now/ Good writing. This is, more or less, my feeling. That's, more or less, why I still stay with Firefox. With quite a grudge, mind you. Basically, the way the ideals of free software are being beaten into submission is by outcoding them (and by diluting them, see Microsoft's three-pronged approach with Github, Copilot and VSCode, which is eerily parallel to Google's: dominate the net (search) and the client (Android, Chrome -- and Firefox on a short leash)). > > but it feels a bit like the frog preheater. > > > > It seems I'm not the only one: > > > > https://www.jwz.org/blog/2024/10/mozillas-ceo-doubles-down-on-them-being-an-advertising-company-now/ > > Most of the issues with Mozilla the organization _should_ have little > bearing on the relative safety of exactly how one is installing a > Firefox package for Debian _built and delivered by Mozilla_. apt*'s or > dpkg's conflict handling _should_ scream bloody murder if two packages > try to own the same file [...] That's right. My beef is not with Mozilla itself to subert directly the operating system's security model. It is to subvert the users themselves, leading them to curtail their own freedom out of their own free will. A business model the ad industry has been honing for aeons (the first "scientific" books about the topic I know of are roughly 100 years old [1] [2] -- the underlying ideas might be as old as humankind). Cheers [1] https://en.wikipedia.org/wiki/Edward_Bernays [2] https://en.wikipedia.org/wiki/Crystallizing_Public_Opinion -- t > official Firefox releases as Flatpaks directly from Mozilla without > any delay; for that, their Flatpak repository or their Debian package > repository should be essentially equivalent. > > But even in a theoretical situation absent _any_ issues with Mozilla, > there's still no reason why they should be trusted with pushing a > package named, say, libc6 or xorg or mousepad which overrides the > package provided through the Debian repositories simply by virtue of > having a higher version number in the repository manifest. Which is > why I don't see any reason to give _everything_ originating from their > repository a pin priority of 1000, as their setup suggests. What they > ship, which I would expect to be firefox, thunderbird (possibly plus > ESR versions separately packaged) and the corresponding localization > packages, should be sufficient. > > -- > Michael Kjörling 🔗 https://michael.kjorling.se > “Remember when, on the Internet, nobody cared that you were a dog?” >
Attachment:
signature.asc
Description: PGP signature