Jean-Marc Desperrier wrote: > I'm convinced this would work better than the current site white list > mechanism. > My opinion is that white-list forces to take a bad compromise between : > - allowing a small number of list, which will result in major bandwidth > problems for those sites, and difficulties if the number of extension > creators gets large to make their extension available from those few sites. > - augmenting the number of sites, and taking a large risk that one of > them gets somehow subverted to download a bad extension.
The whitelist is not a security measure, it's an anti-abuse measure like the popup blocker. The eventual intention is to let people continue on with the install from the non-modal infobar without having to whitelist the site. When this is done the whitelist will only be useful as a convenience for developer types at sites they use often, or for corporate installations that want to whitelist internal sites. _______________________________________________ Mozilla-security mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-security