On 2/6/2010 7:04 AM, Eddy Nigg wrote: > Isn't it about time that extensions and applications get signed with > verified code signing certificates? Adblock Plus is doing for a while > now I think, perhaps other should too? > > Because this isn't really comforting: > http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/ >
I just now noticed that this discussion was not cross-posted to mozilla.dev.extensions. Should not input from extension developers be considered? I'm now cross-posting this reply to mozilla.dev.extensions with follow-ups back to the newsgroups where this originally appeared: mozilla.dev.security and mozilla.dev.security.policy. -- David E. Ross <http://www.rossde.com/>. Anyone who thinks government owns a monopoly on inefficient, obstructive bureaucracy has obviously never worked for a large corporation. © 1997 _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security