On Mon, Apr 9, 2012 at 4:06 PM, Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> wrote: > On Sun, 08 Apr 2012 19:02:31 +0200, Mark Wielaard wrote: >> I like the idea to disallow this for say firefox plugins or httpd cgi >> scripts, > > Wouldn't it be better to package Mozilla plugins in Fedora so that they are > trusted? rpm packages do not magically fix security issues. A vulnerability in a plugin can be exploited by an attacker regardless how the plugin got installed. (rpm or not). -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
