Cross posting to dev.planning, where I originally intended this to be. Please follow up to dev.planning.
Jorge On 10/30/13 3:42 PM, Jorge Villalobos wrote: > Hello! > > As many of you know, the Add-ons Team, User Advocacy Team, Firefox Team > and others have been collaborating for over a year in a project called > Squeaky [1]. Our aim is to improve user experience for add-ons, > particularly add-ons that we consider bad for various levels of "bad". > > Part of our work consists on pushing forward improvements in Firefox > that we think will significantly achieve our goals, which is why I'm > submitting this spec for discussion: > > https://docs.google.com/document/d/1SZx7NlaMeFxA55-u8blvgCsPIl041xaJO5YLdu6HyOk/edit?usp=sharing > > The Add-on File Registration System is intended to create an add-on file > repository that all add-on developers need to submit their files to. > This repository won't publish any of the files, and inclusion won't > require more than passing a series of automatic malware checks. We will > store the files and generated hashes for them. > > On the client side, Firefox will compute the hashes of add-on files > being installed and query the API for it. If the file is registered, it > can be installed, otherwise it can't (there is planned transition period > to ease adoption). There will also be periodic checks of installed > add-ons to make sure they are registered. All AMO files would be > registered automatically. > > This system will allow us to better keep track of add-on IDs, be able to > easily find the files they correspond to, and have effective > communication channels to their developers. It's not a silver bullet to > solve add-on malware problems, but it raises the bar for malware developers. > > We believe this strikes the right balance between a completely closed > system (where only AMO add-ons are allowed) and the completely open but > risky system we currently have in place. Developers are still free to > distribute add-ons as they please, while we get a much-needed set of > tools to fight malware and keep it at bay. > > There are more details in the doc, so please give it a read and post > your comments and questions on this thread. > > Jorge Villalobos > Add-ons Developer Relations Lead > > [1] https://wiki.mozilla.org/AMO/Squeaky > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
