[Pkg-mozext-maintainers] privacybadger: Upstream requests regular updates in stable or the removal of the package

Markus Koschany apo at debian.org
Sat Aug 29 22:35:13 BST 2020

[please CC me, I'm not subscribed to the list]

Hi John,

> I am interested in Privacy Badger and am pleased that the Debianization looks 
> relatively simple. I could probably take it on without much trouble via 
> sponsorship.

That sounds great. You can just add yourself to uploaders and remove myself.

> This is semi-off topic, but an improvement I'm curious about pertains to the 
> Lintian warning:
> O: embedded-javascript-library usr/share/webext/privacy-badger/lib/vendor/
> jquery-3.5.1.js please use libjs-jquery
>     Comment: See Debian bug #916529 why we use the embedded libraries
>     Comment: This is a Firefox wontfix bug.
> Does jQuery often introduce backwards incompatibilities? If not, what about 
> copying jQuery from libjs-jquery into the tree at build time? This is what 
> I've been doing for my WIP LibreJS package for example.

This is mainly a sandboxing problem with Firefox which does not follow
symlinks. I have also thought about using hardlinks but I suspect this
will trigger other bug reports like "I use different partitions with
different file systems, privacybadger doesn't work for me"

The idea with copying libjs-query into the build tree is also a
possibility but this seems to be like a case of over-engineering to me.
Sometimes the system jquery library is not compatible with a certain
piece of software, so this could also become a problem but as I
previously mentioned, the sandboxing problem with Firefox was the main
reason to revert this change.

> Actually, I think looking at Privacy Badger and how it does things (without 
> dh-webext) will help me with that as well, so I'd be happy to do it.

I believe privacybadger is a rather simple Debian package and not hard
to maintain. I just want to update software in stable only for very good
reasons. Otherwise I would prefer a system like Ubuntu's PPAs where I
obtain only a few always up-to-date packages from a source I trust.
Debian backports would not work because privacybadger in stable would
still be out-of-date and if we removed the package from stable only few
people would notice it in backports I guess. But that's another topic.

I can help you with the initial sponsoring but I would prefer if you
found another regular sponsor later. If you want to get more involved in
Debian, I highly recommend to become a Debian maintainer, then we could
grant you upload rights for specific packages.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-mozext-maintainers/attachments/20200829/c9789043/attachment.sig>

More information about the Pkg-mozext-maintainers mailing list