[Pkg-mozext-maintainers] Bug#919557: Bug#919557: Bug#922944: handling symbolic links in webextensions

Dmitry Smirnov onlyjob at debian.org
Sat Apr 25 23:49:46 BST 2020

On Sunday, 26 April 2020 8:20:28 AM AEST Ximin Luo wrote:
> As I mentioned on firefox bugzilla [1], I have figured out the exact place
> in the firefox code responsible for this issue.
> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1420286

Without looking into the proposed fix, I think there are few reasons not to 
make any alterations:

As much as I like the idea of symlinking resources from webextensions, 
incorporating those resources at build-time make packaged addons less 
fragile. Frequently synlinked Javascript libraries change/break often enough 
on "apt upgrade" and when it happens maintainer have to resort to bundling of 
working versions anyway but not before users experience (and report) 

Diverging from upstream may not be desirable. I'm sure Firefox is difficult 
enough to maintain without adding specific logic that have to be tested.

IMHO symlinks sandboxing was done upstream for security reasons. We may not 
fully understand implication of changing this behaviour.

I've already discovered and documented working solution to incorporating 
resources to webextension packages at build time. Updating packages is easy 
enough and should be even possible with binNMUs to refresh their bundled 
resources. That approach might be considered "good enough".

All the best,
 Dmitry Smirnov.


The past is whatever the records and the memories agree upon.
        -- George Orwell, 1984
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://alioth-lists.debian.net/pipermail/pkg-mozext-maintainers/attachments/20200426/3e92b2b9/attachment.sig>

More information about the Pkg-mozext-maintainers mailing list