Mozilla enabled ads in Firefox and they're active in Fedora
Reindl Harald
h.reindl at thelounge.net
Tue Nov 18 17:40:02 UTC 2014
Am 18.11.2014 um 18:29 schrieb Bruno Wolff III:
> On Tue, Nov 18, 2014 at 18:16:12 +0100,
> drago01 <drago01 at gmail.com> wrote:
>> On Tue, Nov 18, 2014 at 3:00 PM, Bruno Wolff III <bruno at wolff.to> wrote:
>>>
>>> We shouldn't be doing that either. Any welcome page initially displayed
>>> should be from a copy on the installation, not something fetched from a
>>> remote server.
>>
>> That's getting into the "paranoid" area .. where do you draw the line?
>> The fedora project (and lots of its mirros)also gets your ip when the
>> system checks for updates,
>
> Mozilla is a third party. There is no reason that they should be
> contacted by default.
calling upstream "3rd party" is somehow strange
most code in fedora is from 3rd party
if you don't trust the 3rd party you *really* need to review every
single line of code
> Even for mirrors, people run local mirrors. Not every installation
> contacts Fedora mirrors directly.
most of them for sure not because hide the IP
typically it's done because someone has to maintain 5, 10, 20, 100
machines and want to save time and/or bandwidth, maybe even combined
with save ressources of the official mirrors
> The cost of avoiding phoning home in tese cases is low. You can install
> a copy of the file locally and use a file: reference to it. The file can
> include a link to the source so that people can fetch a possibly more up
> to date version if they want.
nobody said anything against that
*but* please avoid FUD and paranoia and claim upstream unstrustable
until you can prove that instead of assume it
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20141118/b2dd64c7/attachment-0001.sig>
More information about the devel
mailing list