Okay, once the project is out of pre-release status, I will create a new topic in the Kicksecure Forum, and assume approval of its establishment unless informed otherwise.
Yes, the entire scaffolding, just so I can manually audit everything that matters. The hand-crafted user.js and policies.json files were originally migrated from a Codeberg repository that no longer exists.
No.
1 hour and about 39 minutes without ccache=scache enabled, I will need to carefully consider the security implications of having the cache enabled in a rootless Podman Quadlet container to accelerate the Firefox build itself before deploying it.
Everything is self-hosted on a dedicated server from Hetzner, and I control everything about the infrastructure otherwise. All of this is directly derived from my (previous) work on the Whonix Wiki, which is also what enforces sustainably updating my Hosting Directory long-term.
The main tooling itself is mach, which is what essentially automates the entire Firefox build process:
Not anymore, but this commit URL below is already obsoleted by the following URLs:
Understood, working on it:
We could, I just do not have a primary word to pair it with. If you want it super simple, “Hardened” could be used.
Right, I do not have an answer for that at this point in time, I am still only thinking about how to get from point A to B. The entire repository is only based on the Firefox release/stable tag, not Beta or Nightly, so I have the entire upstream repository in a frozen snapshot until May 19th.
Yes, right from the source code itself:
Here are a bunch of relevant lines:
Lines 116-153: sed wrapper and sedhelper
Lines 155-168: rename_files
Lines 170-208: remove_if_block, sort_inner_list helpers
Lines 314-321: configure() - EME disable, healthreport
Lines 324-325: Custom privacy statement link
Lines 330-348: Activity stream anti-features (sed lines)
Lines 350-385: Top sites JSON replacement with here-doc
Lines 391: Remote settings server blanked
Lines 400-413: Search DDG modifications
Lines 415: process-json-files.py (Python processing)
Lines 419-435: Mobile confvars sh modification
Lines 451-459: Branding files replacement
Lines 461: Disable preprocessor branding flag
Lines 468-470: remove_if_block_in_file for bookmarks
Lines 472-476: Legal pages rebranding
Lines 496-544: apply_batch_branding - massive sed
Lines 546-549: Fingerprinting resistance disabled
Lines 551-553: User agent kept as Firefox
Lines 557-560: Migrator scripts
Lines 562-566: Cargo.toml/Cargo.lock fixes
Lines 568-572: Sort inner list fixes
Lines 580-585: Final confvars and profile icecat.js
And here is where FlawlessFox/BaseSecure (tenative name) and GNU IceCat stand now:
Sure, I will keep the tenative name for now, but remain open to any profound inspirations.
No problem, that is still the only plan. Scrutiny is fine by me, I already constantly do it internally.