On 02/06/2010 08:42 PM, Michael Lefevre:
On 06/02/2010 15:04, Eddy Nigg wrote:
Isn't it about time that extensions and applications get signed with
verified code signing certificates? Adblock Plus is doing for a while
now I think, perhaps other should too?
I don't know if more details are available than have been published so
far, but I don't see how code signing would have helped. Unless I'm
missing something code signing just confirms that the code comes from
whoever signed it.
Correct.
How does a certificate prevent someone signing malicious code?
No, it doesn't. But I guess you would think twice to sign (malicious)
code with your name - any code for that matter. And it obviously doesn't
prevent accidents and mistakes, but a certain care would be added by
signing the code and probably prevent intentional cases.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security