On Sat, Mar 17, 2012 at 10:17 AM, Andreas Gal <g...@mozilla.com> wrote: > > We have trained users over a long period of time to think of sites/origins > and not the actual code when making security decisions.
and, also, unfortunately - don't think of this as criticism, think of it as "useful insight" - the mozilla developers as well. > The whole code signing discussion is a total distraction here. no andreas, it's not. if you genuinely believe that the *entire* discussion should be solely and specifically restricted to not involve *any* code-signing of any kind, then i'm sorry to have to be the one to point out that you're simply not qualified to be involved in the discussion. that's not a personal criticism, it's just a statement of fact. it falls to me - the "outsider" and the person whom everybody likes to think of as "oh christ that fucking arsehole again, let's ignore him" - to point that out. ah well. can't be helped. l. _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
