Firefox addon signing
Reindl Harald
h.reindl at thelounge.net
Thu Aug 27 00:28:48 UTC 2015
Am 27.08.2015 um 02:21 schrieb Solomon Peachy:
> On Wed, Aug 26, 2015 at 05:53:36PM +0200, drago01 wrote:
>> A better solution would be to add a mechanism that allows you to use
>> your own signing keys.
>> That way you have both 1) install self built extensions and 2) the
>> added security.
>
> ..and (3) a way for malware to install its own key, rendering (2) moot
that would imply that malware running as root and then you have already
lost the whole game - pretty sure nobody meant "your own signing keys"
writeable by the user firefox is running
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150827/e00c3681/attachment.sig>
More information about the devel
mailing list