On Wed, 14 Jul 2004 23:11:53 +0200, Enrico Scholz
<enrico.scholz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> * extensions should be signed; current situation where you have *only*
> unsigned extensions trains users to accept the big red warning as the
> normal case
I agree with this in terms of human engineering, but don't know if
this is a reason to keep it out of core. Let me fire up the letter
writing bot to all the extention authors about signing their code
right now.....
> * there are too much extensions, it is too easy to install them and
> there is no working way to upgrade them. Users will end in lots of
> extensions of unknown authors which were not updated for ages. This
> will be a huge security problem
>
> * extensions are difficultly to manage; they need a special (active)
> installation routine and are indexed by non-human readable
> keys. AFAIK, there does not exist a way to install them on the CLI
> ('-installExtension' does not work afais)
I think the lack of a clean admin solution to installing and
maintaining a centralized set of extentions is a problem that should
keep it out of core. I'd personally like to see extention management
in firefox get to the point where an rpm package version of firefox
could come with user installable extention support disabled completely
with extentions being expected to be installed via rpm packages by
default. I think the new Xvfb trick being used in fedora.us package
raises some serious questions about firefox being ready to be in Core
and certaintly not the default browser. The scriptable cli
installation of extentions from rpms needs to be worked out correctly
i think before its ready for consideration.
-jef
