<lfam>kmicu: Chromium is a Google project AFAIK. I think this information is available online
<lfam>I feel like that question was trying to lead me somewhere, so I'll flesh out my take on this.
<lfam>People use web browsers for nearly everything now. Business, housing, voting registration, travel arrangements, dating, etc. They are going to use web browsers for these things regardless of any non-usability problems the browser might have. The only thing that stops *most* people from using software is whether or not it works.
<kmicu>More Chrome(ium) users → more sites optimized for Chrome (market leader) → more power in hands of Google. So I think there is a reason why a for-profit ogranization well-funds them.
<lfam>From that, I think it's irresponsible to recommend web browsers that don't take security seriously. Chromium is basically *the* security team for FOSS right now
<lfam>People on the Chromium / Chrome Projects moved to Project Zero, which is also funded by Google.
<lfam>I do see the problems with Google. If one isn't careful, they can end up in the Google panopticon
<lfam>But using a niche web browser that doesn't actively do security research on itself means you end up vulnerable to many other parties besides Google
<lfam>It would be better if all the independent FOSS projects could do their own security research, but they don't, mostly because they lack the resources to do it.
<lfam>Overall, that's why I prefer big browsers like Firefox and Chromium over niche browsers. At least Epiphany / webkitgtk also takes security seriously
<RetardedOnion>whatever kdes browser is works better with more tabs than firefox does in my experience.
<kmicu>lfam: I understand security concerns (though I didn’t see any papers proving that Chrom(ium) is more secure than alternatives) but ethically, Chromium is not an option for me. Of course deblobbed Chromium can be included in Guix so there is no problem.
<lfam>kmicu: Those recent Intel issues were researched (not originally discovered, that was ~15 years ago) by P0 :)
<lfam>taylan: I use Mutt, but I'd hardly recommend it to most people :)
<lfam>One could argue that P0's research and exploit development against x86 was commercially motivated. But it still has some benefit for the public :)
<kmicu>lfam: that is not true actually. P0 took the fame, but they credited original authos in very very small print.
<taylan>I normally use Gnus but it's so weird to configure I have no idea how to temporarily test an SMTP and IMAP server I put up without breaking my real config, so I was looking for something easier :D
<taylan>claws-mail looks neat. super simple, GTK interface.
<kmicu>taylan: I use Gnus and Mutt but I cannot recommend them unless you like spending your life in configuration files. ;)
<lfam>kmicu: Really? The story as published is that real exploits were developed independently by several teams in 2017
<nckx>taylan: Claws is great and the most T'bird-alike MUA we have.
<mbakke>taylan: I use notmuch. It's a different approach to email, but good ROI if you have to learn something new.
<mbakke>nckx: Sorry for reverting your commit! There's still room for it on core-updates (qtbase does not build anyway).
<nckx>I suspect Guix users skew disproportionately towards emace
<RetardedOnion>i did guix build qtwebkit -c2 && guix package -i qutebrowser qtwebkit && qutebrowser --backend webkit last night with 16gb ram and i can confirm that webkit does not work with qutebrowser at least
<RetardedOnion>ng0: i can install guix on my main rig. ryzen with 32 gb ram. should be built pretty quick. if you want
<ng0>when it does and the browser still works as the previous versions, I can send my okay
<novaskell>Currently trying to figure out how to rewrite arguments for packages recursively since I need to update the compiler for each (ghc -> ghc-8). Are there any exported procedures for this or is there a better way?
<ng0>So I have a great deal of packages I need to send once I've a discussion is over. One of them phantomjs. Currently I elfpatch it - terrible way, but I needed it working. You can however build it from source, which is what I'll attempt and send in. But: if I remember correctly phantomjs is being deprecated. It is still useful for some parts of youtube-dl. Do we want this in Guix?
<ng0>phantomjs.org: "Important: PhantomJS development is suspended until further notice (more details)."
<RetardedOnion>one part of guix is getting "old" software or softwar that depends on older dependencies to run. so i would 100% say that it should be packaged.
<ng0>What I do locally is simply make a new package for every new version. So if I need texlive-2012 in a couple of years, I can just do guix package -i texlive@2012 instead of going through all the commits. In some cases this doesn't make sense, but sometimes my usecase is bizarre, like building an ancient version of OTP with the same ancient inputs. Sometimes just building old software reliable.
<rekado>novaskell: what do you mean by rewriting arguments?
<RetardedOnion>do you create the packages by hand? if not that script should land on your git
<ng0>I create them by hand. but it's something I'm reconsidering at the moment
<ng0>I assume a 'build once, save forever' state in the future where diskspace doesn't really matter. But there's bits and parts beyond that, outside of Guix. And I hope to get less out of sync by the outcome of the discussion.
<RetardedOnion>that will take a bit until disk space doesnt matter. hard drives are damn expensive
<novaskell>rekado: Idris 1.3.0 requires GHC 8.4.3 to build but it seems passing ghc-8 as the compiler doesn't affect the dependencies
<novaskell>Thus none of them are in scope for the build causing the build system to complain about missing dependencies
<novaskell>I may just be going about this the wrong way
<ng0>so let's get theroretical. if a projects goal would be to offer the option (but not default) to target more network drivers (but remind users that they use nonfree hardware, etc etc longer rationale here), and the project would make use of Guix and the guix namespace (not the repo) would that count as acting against our guidelines or would it just be impolite? my understanding of community guidelines is that
<ng0>they end where personal projects begin, otherwise you'd have no personal space.
<ng0>I have to leave for a couple of hours but will read replies if any
<snape>does anyone know how to install extensions for Chromium?
<RetardedOnion>is chrome://flags/#extension-mime-request-handling Always prompt for install?
<rekado>novaskell: if you need it right away you could use the input rewriting mechanism (see the manual for more information), but it is to be expected that many of the current Haskell packages cannot simply be built with the latest GHC and will require minor changes.
<snape>RetardedOnion: I don't understand your question
<mbakke>snape: So you would prefer if the Web Store is not functional at all, regardless of flags?
<snape>mbakke: To me the current package is good enough, because I can use a wrapper (CHROMIUM_ENABLE_WEB_STORE=1 chromium --disable-background-networking)
<mbakke>I'm not opposed to that, but it could be difficult to achieve. I also think it makes it slightly more "user-hostile": I use a handful of (free software) extensions installed from the store: updating all of them manually would be a pain.
<snape>I agree it's hard to find a good solution, they all have drawbacks
<snape>I tend to favor freedom (see my wrapper), which includes freedom to install free extensions *and* non-free extensions (as an unwanted consequence)
<snape>but if you don't agree, I have my wrapper so it's fine for me
<snape>I agree that background networking should be disabled anyway because we don't want to talk to Google all the time
<mbakke>The main problem is that removing the "--disable-extensions" also will cause it to talk to Google a lot.
<mbakke>Try snooping network traffic with and without that flag.
<tune>but it works on parabola, so it should be able to work here
<tune>they have the same freedom concerns and such
<RetardedOnion>yeah i know. i guess i will just wait. for qutebrowser to work. and chromium. and maybe until then my lockscreen works
<tune>I have a lot of free time, but not a lot of skills, or else I'd try to fix it myself
<tune>I also have a dozen things I wish were packaged, but I haven't figured out packaging stuff yet
<RetardedOnion>id like to add fractal and telegram-desktop as well. well fractal was too complicated for me, so telegram is out of my range.
<CcxWrk>rekado: You can do package variant of PyQt without browser support fairly easily. But with how the build looks I don't think you can make "just QtWebKit/QtWebEngine" package without compiling lot of things twice".
<daviid>for info, the guile-gnome package description says it includes guile-clutter, but that s not possible, it has to be installed separatly (an needs guile-cairo from the source tree, especially patchd for guile-clutter), and guile-gnome-gstreamer is about 10y nmaintained
<rekado>snape: I tried your pinentry configuration and it helps with opening the encrypted file, but I can no longer decrypt email. I’m not prompted for a passphrase any more.
<janneke>oh...about pinentry...; since i did a guix pull to 0.15, i'm getting pinentry in an obnoxious gtk popup -- it used to be in the mini buffer
<jabranham>hrm... I just installed guixsd on a vm, did "guix pull --commit 0f377aa", then "guix system reconfigure /etc/config.scm", but it's in the middle of downloading guix 0.14.0. Is that expected?
<rekado>jabranham: are you using the correct guix?
<rekado>jabranham: ‘guix pull’ installs the new version in ~/.config/guix/current/bin