Re: Firefox Add-ons

On 06/02/2010 15:04, Eddy Nigg wrote: Isn't it about time that extensions and applications get signed with verified code signing certificates? Adblock Plus is doing for a while now I think, perhaps other should too? I don't know if more details are available than have been published so far, bu

Re: Safety of extensions (DefCon presentation)

On 29/11/2009 07:40, Kálmán „KAMI” Szalai wrote: Do we have friendly extension, or signed extension? Could you describe the validation process. Is it a go not go test or a detailed code review? Are there possibility that author create a good extension and change it for the 4th release to bad exte

Re: Nonstandard ports and admin override?

Kyle Hamilton wrote: > Hi, I'm trying to figure out (for testing purposes only -- I need to > verify a certificate on a POP3 server) if there's a way to override > Firefox 3's internal port blocking. [snip] I think http://www.mozilla.org/projects/netlib/PortBanning.html is the feature you're refer

Re: "minutely external verification of the download packages"

On 2007-03-05, Gervase Markham <[EMAIL PROTECTED]> wrote: > Jonathan Watt wrote: >> Do we have systems in place to stop this sort of thing from happening: >> >> http://wordpress.org/development/2007/03/upgrade-212/ > > You mean apart from those normal security mechanism (passwords etc.) > which p

Re: Flowchart covering SSL checks, error states, dialogs

On 2007-02-06, Gervase Markham <[EMAIL PROTECTED]> wrote: > Michael Lefevre wrote: [snip] >> I don't see how a simple on/off indication is going to work, unless it is >> "on" for any and all sites that a "normal" user wants to give their >> pers

Re: EV guidelines

On 2007-02-05, Heikki Toivonen <[EMAIL PROTECTED]> wrote: > Ben Bucksch wrote: >> Even if we have generic UI (like green bar), it does not help us, if we >> have nothing to back it up. We should not show "Good" unless we're sure >> the site is *trustworthy* - not just verified address/identity, not

Re: Flowchart covering SSL checks, error states, dialogs

On 2007-02-05, Gervase Markham <[EMAIL PROTECTED]> wrote: [snip] > "Throw all the information at the user and let them make up their own > mind" is not going to be our UI strategy. So you may as well stop > lobbying for it to be. :-| Seems to me that your own point extends to EV though. I can't

Re: Study questions EV certs effectiveness?

On 2007-01-29, Gervase Markham <[EMAIL PROTECTED]> wrote: > dolphinling wrote: >> "The study, based on user testing, found that EV certificates don't >> improve users' ability to detect attacks, that the interface can be >> spoofed, and that training users actually decreases their ability to >>