Hacker News new | past | comments | ask | show | jobs | submit login

#3 is a weird one to take issue with. Unless by “demonstrably wrong” you mean “objectively right”? You can’t backport a patch from a fork for a feature that doesn’t exist in that fork. You can make your own patch. XUL ones can come from ESR… except when you don’t fork ESR. Oops! A fork has to be able to maintain the browser as well or better than the Firefox community does right now, and again, I don’t trust any of the fork teams to do that.

You’re also misrepresenting what “Defense in Depth” changelog entries in Pale Moon mean. For two of the five on the current page: CVE-2017-7809 was fixed by Firefox; NPAPI plugins aren’t supported anymore. The other three aren’t specific and don’t link to an issue tracker or patch, so it’s hard to say.




Well, 1 is your opinion so it's hard to change that. 2 is obvious and not really a problem. So the only thing you had was 3.

And no, I mean demonstrably wrong. But you are right that all the useless attack surfaces that Firefox has (ie, WebGl, Websockets, Pocket, etc) aren't in Pale Moon. Luckily for PM it doesn't need to do as well or better than Firefox because it simply doesn't have all the excess "features".


Maybe an example will make it clearer to you what #3 means. Firefox stops supporting certain types of extensions. Firefox stops making security patches to this (eventually) removed feature. Because there are no patches, you can’t backport them to your fork. From this, we have the objectively correct

> 3. You can’t backport patches for removed features

which is just as obvious as 2 – and they are important.


Ah, I finally get what you're saying. You're complaining that forks will have to support code that Mozilla no longer does.

Yeah. That's the point of forks.


They're not complaining, they are pointing out that this is a bunch of work that Palemoon's authors need to do, just to be no worse than Firefox. Work there isn't much evidence of them doing.


WebSocket is useless? WebGL is useless?

I mean, you're entitled to your opinions, but these are pushing the envelope of silly.


> Pocket

That's just a plain extension they bundled...




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: