| 16 Feb 2026 |
|  pneumatic changed their profile picture. | 15:18:39 |
| 18 Feb 2026 |
 hexa | https://www.thunderbird.net/en-US/thunderbird/140.7.1esr/releasenotes/ | 15:58:08 |
| hexa | https://www.thunderbird.net/en-US/thunderbird/140.7.2esr/releasenotes/ | 15:58:41 |
 vcunat | We just had https://github.com/NixOS/nixpkgs/pull/490953 so I expect the bot to soon make a PR for the second one. | 17:50:52 |
| vcunat | * We just had https://github.com/NixOS/nixpkgs/pull/490953 so I expect the bot to soon make a PR for the second bump. | 17:51:05 |
| hexa | Whether the bot updates packages in a reasonable timeframe is debatable | 21:08:19 |
| vcunat | ๐ค right, in this case it was weeks late apparently? | 21:17:14 |
| hexa | Jan 27th -> Feb 16th | 21:24:51 |
| hexa | 22 days | 21:25:05 |
| 19 Feb 2026 |
| hexa | In more important news, we found that the vulnerability in libvpx encoding required a specific setting that Firefox is not using. It's essentially not affected.
| 13:27:21 |
| hexa | in #Mozilla Security | 13:27:34 |
|  @jonhermansen:matrix.org left the room. | 18:27:48 |
| 21 Feb 2026 |
|  h7x4 changed their profile picture. | 19:27:00 |
| h7x4 changed their profile picture. | 19:30:25 |
| h7x4 changed their profile picture. | 19:33:53 |
| 22 Feb 2026 |
|  ้ๅ
InverseLight joined the room. | 02:07:40 |
|  Kite joined the room. | 02:54:31 |
| 23 Feb 2026 |
|  whispers [& it/fae] joined the room. | 14:10:05 |
| whispers [& it/fae] | hai i know it's been like a month but i will note: it is possible to build tor browser and mullvad browser from source. i have experiments with it [in my personal dotfiles](<https://codeberg.org/whispers/nebula/src/branch/meow/nix/pkgs/tor-browser-src>). but yeah, the issues felschr mentioned in that forum post are the thing stopping me from using it in any real capacity. fingerprinting is really fucking complicated and i'm like half sure that all of the --with-system-XXX flags that buildMozillaMach uses probably introduce fingerprinting issues somewhere | 14:36:48 |
| whispers [& it/fae] | hai i know it's been like a month but i will note: it is possible to build tor browser and mullvad browser from source. i have experiments with it [in my personal dotfiles](<https://codeberg.org/whispers/nebula/src/branch/meow/nix/pkgs/tor-browser-src>). but yeah, the issues felschr mentioned in that forum post are the thing stopping me from using it in any real capacity. fingerprinting is really fucking complicated and i'm like half sure that all of the --with-system-XXX flags that buildMozillaMach uses probably introduce fingerprinting issues somewhere, and avoiding that would require work from someone who is intimately familiar with firefox, tor browser, and the landscape of browser fingerprinting. | 14:37:24 |
| whispers [& it/fae] | hai i know it's been like a month but i will note: it is possible to build tor browser and mullvad browser from source. i have experiments with it in my personal dotfiles. but yeah, the issues felschr mentioned in that forum post are the thing stopping me from using it in any real capacity. fingerprinting is really fucking complicated and i'm like half sure that all of the --with-system-XXX flags that buildMozillaMach uses probably introduce fingerprinting issues somewhere, and avoiding that would require work from someone who is intimately familiar with firefox, tor browser, and the landscape of browser fingerprinting. | 14:37:59 |
| hexa | yup, that tracks | 14:38:14 |
| whispers [& it/fae] | hai i know it's been like a month but i will note: it is possible to build tor browser and mullvad browser from source. i have experiments with it in my personal dotfiles. but yeah, the issues felschr mentioned in that forum post are the thing stopping me from using it in any real capacity. fingerprinting is really fucking complicated and i'm like half sure that all of the --with-system-XXX flags that buildMozillaMach uses probably introduce fingerprinting issues somewhere (let alone far bigger things). avoiding that would require work from someone who is intimately familiar with firefox, tor browser, and the landscape of browser fingerprinting. | 14:38:24 |
| whispers [& it/fae] | the guix folks do actually build tor browser from source in their own repositories but frankly i'm skeptical they've done the work to make sure all of those risks are mitigated | 14:41:21 |
| whispers [& it/fae] | simply because i doubt there's anyone on the planet who knows exactly what that work even is | 14:41:44 |
 K900 | Fingerprinting is not a game you can win tbh | 14:41:58 |
| hexa | I have doubts in most distros building a proper Firefox with all the features it provides | 15:10:24 |
| hexa | e.g. Firefox 95 added a sandboxing feature that requires wasm cross compiling https://blog.mozilla.org/attack-and-defense/2021/12/06/webassembly-and-back-again-fine-grained-sandboxing-in-firefox-95/ | 15:11:36 |
 emily | I think most distros just have fixed prepackaged cross compilers for things like that | 15:40:47 |
| hexa | not sure what "most" here means | 15:41:53 |
