GNU bug report logs

#76956 librewolf: Outdated and potentially unsafe extensions from Mozzarella

Package	Source(s)		Maintainer(s)
guix		PTS Buildd Popcon

Reported by Snikta <snikta@bahnhof.se>
Date 2025-03-11T20:24:02
Severity normal

Reply or subscribe to this bug. View this bug as an mbox, status mbox, or maintainer mbox

Report forwarded to bug-guix@gnu.org:
bug#76956; Package guix. (Tue, 11 Mar 2025 20:24:02 GMT) (full text, mbox, link).

Acknowledgement sent to Snikta <snikta@bahnhof.se>:
New bug report received and forwarded. Copy sent to bug-guix@gnu.org. (Tue, 11 Mar 2025 20:24:02 GMT) (full text, mbox, link).

Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

The Guix package for Librewolf points at 
https://gnuzilla.gnu.org/mozzarella instead of the official Mozilla 
add-ons repository. The add-ons provided by Mozzarella are very 
outdated. E.g: the Bitwarden extension is from 2023.

It is likely very wise to remove Mozzarella add-ons repository from the 
Guix package for Librewolf.

https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/librewolf.scm?id=5b4ae0b5c2d63e40c8adaf15d9ce0c456189f321#n530

Regards,
Snikta

[OpenPGP_0x8CF8982C455FAB05.asc (application/pgp-keys, attachment)]

[OpenPGP_signature.asc (application/pgp-signature, attachment)]

Information forwarded to bug-guix@gnu.org:
bug#76956; Package guix. (Thu, 03 Apr 2025 22:38:02 GMT) (full text, mbox, link).

Message #8 received at 76956@debbugs.gnu.org (full text, mbox, reply):

Hi Snikta,

Thanks for the report, however, there’s not much I can do here. 
The Mozilla extension repo can’t be used in Guix browsers, because 
it contains non-free extensions.  I think the alternative would be 
disabling extension repos entirely, which I’m not sure is a thing 
that’s reasonably doable.

If Mozzarella has outdated extensions, I think a bug report to the 
folks who maintain that is the most straightforward option.  But 
if you have another suggestion, I’d love to hear it.

Thanks,

 -- Ian

Information forwarded to bug-guix@gnu.org:
bug#76956; Package guix. (Mon, 07 Apr 2025 13:23:01 GMT) (full text, mbox, link).

Message #11 received at 76956@debbugs.gnu.org (full text, mbox, reply):

Hi,

You can use addons from https://addons.mozilla.org anyway, if you go
there and click "Add to Firefox".

On Tue, Mar 11 2025, Snikta wrote:

> The Guix package for Librewolf points at https://gnuzilla.gnu.org/mozzarella
> instead of the official Mozilla add-ons repository. The add-ons provided by
> Mozzarella are very outdated. E.g: the Bitwarden extension is from 2023.

If you choose to download the add-on from Mozzarella, the first version
can be outdated but once you press the "Check for Updates" button, the
outdated add-on will update from... https://addons.mozilla.org.

So it won't be outdated anymore.  (And maybe won't be free anymore
either, who knows.)

> It is likely very wise to remove Mozzarella add-ons repository from the Guix
> package for Librewolf.
>
> https://git.savannah.gnu.org/cgit/guix.git/tree/gnu/packages/librewolf.scm?id=5b4ae0b5c2d63e40c8adaf15d9ce0c456189f321#n530

Or the source of the add-ons could be Guix, which actually guarantees
that they are free, and remain free.  You can already install some
add-ons from Guix (e.g. 'guix install ublock-origin-icecat').  Feel free
to update them or add more.

Cheers,
Clément

Display info messages

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Tue Apr 15 19:05:22 2025; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.