(I'm serious, by the way: we're most likely turning off XPInstall by default for most sites for Firefox 1.0)
It does make more sense to sign XP packages.
Site-level restriction is a problem for load repartition (isn't mozdev strongly overloaded?), and makes the consequences of a site hack more dire.
There's no justification for seeing it as more difficult than site level filtering.
_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
