/etc has a 'firefox' folder with apturl.js

6 réponses [Dernière contribution]
lap4fsf
Hors ligne
A rejoint: 10/12/2014

What worries me really is not the 'Firefox' folder name but its contents, ie /etc/firefox/pref/apturl.js, especially the javascript file named apturl.js

There are two folders for IceCat and Abrowser both having files named syspref.js, which also resides in /etc path.

I am *NOT* against including javascript in programs, if they are free: https://www.gnu.org/philosophy/javascript-trap.html *BUT* from a privacy point of view (as browsers can work on JS, and can be manipulated via an attacker etc.) I feel its my right to understand what is the purpose served by apturl.js(especially do it directs to an embedded URL, can be accessed by an external process etc.)

Thank you in advance for input

Pièce jointeTaille
Screenshot from 2015-01-18 11:12:45.png69.07 Ko
Ctwx

I am a translator!

Hors ligne
A rejoint: 01/01/2015

As far as I know, Firefox uses a lot JavaScript for internal stuff. For example for configuration. Have a look at the output of
dpkg -L abrowser | grep js$
to see what JavaScript files are included in the Abrowser package

But anyway: since it's shipped together with Firefox (IceCat/Abrowser) it's license is probably free. According to the GPL there's not license header and therefore "not free" in the fsf sense. Perhaps we should fix this for future releases.

I don't think that those files are bad in any way. You should not worry about JavaScript that's shipped together with the browser. It has it's weaknesses but can only do certain things. If you want to be sure that JavaScript is disabled by default, I recommend the NoScript-Addon.

marioxcc
Hors ligne
A rejoint: 08/13/2014

>According to the GPL there's not license header and therefore "not free" in the fsf sense.

Having a license header in all files is not a necessary condition for a program to be free. It's necessary that the license or lack of Copyright is stated somewhere; and it's good practice to state it in every file so that even if they're found individually or split from the program, users know which license applies, but it may also be stated in a single file what license the project has. This is not at all specific for the GNU GPL; see https://www.gnu.org/licenses/gpl-faq.en.html#NoticeInSourceFile

Ctwx

I am a translator!

Hors ligne
A rejoint: 01/01/2015

Oh thanks. Then I misunderstood that. :-) Thanks.

Magic Banana

I am a member!

I am a translator!

Hors ligne
A rejoint: 07/24/2010

According to 'man apturl', apturl does not come from the Firefox project:
apturl is a simple graphical application that takes an URL (following the apt-protocol) as a command line option, parses it and carries out the operations that the URL describes (that is, it asks the user if he wants the indicated packages to be installed and if the answer is positive does so).

Javascript is a programming language. It is not bad by itself. Proprietary Javascript is bad. Like any proprietary software written in any programming language.

'apturl' is distributed under the terms of the GNU GPL: https://launchpad.net/apturl

Ctwx

I am a translator!

Hors ligne
A rejoint: 01/01/2015

Sorry, my bad. Thanks for noticing.

Legimet
Hors ligne
A rejoint: 12/10/2013

apturl.js is just a preferences file that sets some configuration values so it can use Apturl. It's not really a "program", but rather just a list of preferences. Nothing to worry about.