License forbids we enable official branding if we don't build with all of their bundled libraries which we do not intend to do.
Please, do not remove this port. Is it possible to static link with bundled libraries?
(In reply to rozhuk.im from comment #1) Unlikely unless we duplicate all the patches we carry for all of those libraries as well as ensure they get the right configure / build flags that we need. It will not be easy. And then we have no way to track vulnerabilities. They seem to be open to just disabling branding, but before we can do that I'm disabling distribution of the binaries to prevent any legal action.
A commit references this bug: Author: feld Date: Tue Feb 6 23:57:31 UTC 2018 New revision: 461119 URL: https://svnweb.freebsd.org/changeset/ports/461119 Log: www/palemoon: Update LICENSE_PERMS Upstream forbids distribution of this package with their branding unless we are able to fully comply with the requirements of building against all of the libraries in their tree. This is untenable so we will block distribution for now and work on disabling branding. PR: 225717 MFH: 2018Q1 Changes: head/www/palemoon/Makefile
A commit references this bug: Author: feld Date: Tue Feb 6 23:58:04 UTC 2018 New revision: 461120 URL: https://svnweb.freebsd.org/changeset/ports/461120 Log: MFH: r461119 www/palemoon: Update LICENSE_PERMS Upstream forbids distribution of this package with their branding unless we are able to fully comply with the requirements of building against all of the libraries in their tree. This is untenable so we will block distribution for now and work on disabling branding. PR: 225717 Changes: _U branches/2018Q1/ branches/2018Q1/www/palemoon/Makefile
Testing removing official branding.
According to http://www.palemoon.org/redist.shtml 8b, stopping distributing binary makes no difference actually. According to https://github.com/jasperla/openbsd-wip/issues/86 only trademark is their concern, so I'm taking a look at how the New Moon icon looks.
(In reply to Mark Felder from comment #2) At least nss is mozilla staff, you cant patch it to proper work with palemoon and with ff+thundeburd and other ports. Vulnerabilities in palemoon in-base libs - should be handled by palemoons devs. Did you try static linking palemoon and all its in-base libs?
(In reply to rozhuk.im from comment #7) If an issue comes, we can switch dependency individually; we have been doing this many times with base nss + ff.
Created attachment 190377 [details] new moon
(In reply to lichray from comment #9) I'm wondering if we should change the name as well to protect ourselves from further threats.
(In reply to Mark Felder from comment #10) > I'm wondering if we should change the name as well to protect > ourselves from further threats. See https://forum.palemoon.org/viewtopic.php?t=18256#p134592 > However, we are not going to force them to rename an already > established package name (The package not the application) since > that would be very disruptive to users.
About bundled libs see: https://freenode.logbot.info/?ch=palemoon&q=bsd https://github.com/MoonchildProductions/Pale-Moon/commit/f26f28a54c3ee47ea1ebe446f679432f935a8c8e https://github.com/MoonchildProductions/UXP/commit/0f3e990615adfd42ae9cfbe13a6259cb6a0368c4 In particular: > 2018-02-06 23:10 NewTobinParadigm: Of course New Moon using system > libs won't do animated png and won't do camilla cyphers animated png is supported by --with-system-png via $ make showconfig -C /usr/ports/graphics/png ===> The following configuration options are available for png-1.6.34: APNG=on: Enable Animated PNG support while "camilla cyphers" isn't but only few users may notice https://bugzilla.mozilla.org/show_bug.cgi?id=1211248 https://bugzilla.mozilla.org/show_bug.cgi?id=940119 https://github.com/MoonchildProductions/Pale-Moon/commit/ec48ccc34fe6c17ef9ce6437667e325361bd6198
Mark, is there any reason I shouldn't commit this? The patch disables branding which is all we were asked to do AFAICT.
Work distracted me lately. Go for it.
A commit references this bug: Author: tobik Date: Sat Mar 17 07:24:45 UTC 2018 New revision: 464763 URL: https://svnweb.freebsd.org/changeset/ports/464763 Log: www/palemoon: Disable official branding PR: 225717 Changes: head/www/palemoon/Makefile
(In reply to Mark Felder from comment #14) Thanks.