Firefox addon signing

Alec Leamas leamas.alec at gmail.com
Thu Feb 12 15:57:09 UTC 2015


On 12/02/15 16:53, Simo Sorce wrote:

> Malware can easily binary patch firefox to ignore verification, I do not
> think trying to defeat sideloading with this kind of verification makes
> much sense.
> Of course you may decide to exempt only extensions in non-user-writable
> locations, if you are on Linux and the Firefox binary is read-only for
> the user.

Besides the technical issues, what does upstream permit? Since we havn't 
re-branded firefox, are we free to modify this whatever way we want? I 
can see the argument for upstream to limit such modifications without 
re-branding.

Cheers!

--alec



More information about the devel mailing list