As Matt mentioned, this is something that we need to decide if we want
disabled at build time (deleting base_feature_status from
third_party/blink/renderer/platform/runtime_enabled_features.json5 ,
which would turn it back into a blink field-trial option that's
disabled by default), disabled at runtime (I'm not sure whether a
command-line argument or something set in initial_preferences).
On one hand, someone might require this if, say, their bank decided to
start using it and only worked with it enabled. On the other hand,
leaking information like the list of browser plugins is pretty shitty.
That commit is for v117, so we have 2 months to figure it out.
On Wed, Jul 26 2023 at 12:25:34 PM -07:00:00, Matt Taggart
<m...@lackof.org> wrote:
Package: chromium
Version: 115.0.5790.102-2
Engineers working for Google have proposed a standard named
Web Environment Integrity
details available at
https://github.com/RupertBenWiser/Web-Environment-Integrity/blob/main/explainer.md
There have been hundreds of articles, social media posts, etc
discussing this, here is a page that gives a good summary of the
events so far:
https://interpeer.io/blog/2023/07/google-vs-the-open-web/
Initially it was a standards proposal, but now it looks that it's
already implemented
https://github.com/chromium/chromium/commit/6f47a22906b2899412e79a2727355efa9cc8f5bd
Debian needs to figure out if this is something we want in chromium
(at all, disabled at build time, disabled at runtime, etc).
Thanks,
--
Matt Taggart
m...@lackof.org
