On 12/02/15 16:53, Simo Sorce wrote:
Malware can easily binary patch firefox to ignore verification, I do
not
think trying to defeat sideloading with this kind of verification makes
much sense.
Of course you may decide to exempt only extensions in non-user-writable
locations, if you are on Linux and the Firefox binary is read-only for
the user.
Besides the technical issues, what does upstream permit? Since we havn't
re-branded firefox, are we free to modify this whatever way we want? I
can see the argument for upstream to limit such modifications without
re-branding.
Cheers!
--alec