To quote one of the lead GTK/GNOME developers, "what makes you think font sharpness is a metric (of font rendering quality)"? It's absolute madness: https://gitlab.gnome.org/GNOME/gtk/-/issues/3787.
It's always interesting how these large organizations can bring in tens of millions of dollars in excess of expenses, yet still manage to "have no money"
I remember you talking about this the other day when we met at RustWeek.
The CLI tools on Linux have certainly missed many of the recent great improvements in verification technology, so there is a gap between browsers and non browser components doing TLS now. OpenSSL doesn't enable CT by default, unlike Chrome, and it also doesn't handle revocations well either, nor does it enforce the certificate lifetime requirements.
The best solution would be a very stable IPC based API which connects to a systemd service (or something deployed as widely as systemd).
That component could probably also manage the certificates, and only apply these restrictions to "global" certificates. It could distinguish manually configured ones from explicitly configured ones. IIRC most of the file based standards the linux distros adopt can't even distinguish that.
That service would then do the locking needed to have on disk state (CRLite).
It's a complicated project, but also not on the scale of hundreds of thousands of lines of code: most of the components and libraries are available already. One needs to glue it together in the right way and then package it up nicely.
The complicated part would be to convince the Linux community to adopt it hahah.
Tauri seems interesting. It combines a Rust core with the platform-native browser engine for presentation. Of course a potential downside is rendering incompatibilities between engines/platforms.
All businesses are hard, but I don't think selling support is especially hard for one. The above two are how x264 development was funded, but it's also how Klara works for BSD and Igalia for web browsers.
