@danielsreichenbach external build systems suck, not enough sys convention in Rust?

sys crates themselves allow using e.g. C(++) dependencies and those are often tricky to build in their original form already.

If there is no native Rust implementation of those dependencies, this is certainly better than having nothing?

The configuration of using different implementations is usually via feature flags in the consumers of the sys crate (e.g. `reqwest`), so if anything those could make it easier.

@YaLTeR it's some boilerplate and requires a build.rs but the code itself is easy?

https://doc.rust-lang.org/cargo/reference/build-script-examples.html#conditional-compilation

@mttaggart @eragon thanks for checking those extensions and updating the OP!

I only have passing knowledge of web extensions, but counterintuitively having to recommend a weaker CSP due to ecosystem deficits in the current year gave me pause, so good to have a chat and one less bad news :)

@mttaggart @eragon if I understand correctly that means the new Entra CSP would then only block password manager extensions that rely on injecting inline scripts

External scripts also seem to be against extension best practices
https://extensionworkshop.com/documentation/develop/build-a-secure-extension/

It feels like this change is only an issue for password manager extensions that currently have fragile implementations to begin with?

@mttaggart @eragon it seems like the CSP spec itself advocates for extensions to be exempt from the page CSP
https://www.w3.org/TR/CSP/#extensions

At the same time this does not seem to be implemented (correctly) in browsers, see e.g
https://bugzilla.mozilla.org/show_bug.cgi?id=1267027

Would be wild if a regular page could tell my user-agent to basically disable e.g. my ad-blocker extension