Firefox addon signing

Daniel P. Berrange berrange at redhat.com
Thu Feb 12 16:02:37 UTC 2015


On Thu, Feb 12, 2015 at 09:54:16AM -0500, Miloslav Trmač wrote:
> > or simply exempt signature checking if
> > the extension is on disk. They should check on download only.
> 
> That would defeat the entire purpose; malware is very commonly
> sideloading extensions.

If we only exempt extensions installed by RPM it is reasonable to assume
that our new package review process would have validated there is no
malware present. Our package review process is serving the same kind of
purpose as Mozilla's extension review & signing process.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

