On 2/6/2010 7:04 AM, Eddy Nigg wrote:
> Isn't it about time that extensions and applications get signed with
> verified code signing certificates? Adblock Plus has been doing so for a
> while now I think, perhaps others should too?
>
> Because this isn't really comforting:
> http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/
>
Do you know a source of free "verified code signing certificates"? Most add-ons are freeware developed by individuals who do it as a hobby. Requiring code-signing subscriber certificates would add a cost that few could afford.

For those who are concerned, I suggest that they only install add-ons from <https://addons.mozilla.org/en-US/firefox/>, which is a Mozilla Corporation site secured with a Verisign-signed site certificate. Add-ons there go through some degree of review before being available to the public; before such reviews are concluded, add-ons require a user to log on to his or her own account and receive a warning that the review is still underway.

--
David E. Ross
<http://www.rossde.com/>.

Anyone who thinks government owns a monopoly on inefficient, obstructive bureaucracy has obviously never worked for a large corporation. © 1997
