On 02/12/2015 04:53 PM, Simo Sorce wrote:
> On Thu, 2015-02-12 at 09:54 -0500, Miloslav Trmač wrote:
>>> or simply exempt signature checking if
>>> the extension is on disk. They should check on download only.
>>
>> That would defeat the entire purpose; malware is very commonly sideloading extensions.
>
> Malware can easily binary patch firefox to ignore verification,

Windows has Authenticode, which may change the equation somewhat.

> I do not
> think trying to defeat sideloading with this kind of verification makes
> much sense.

Maybe it is only about preventing people from bundling the official Firefox version with dodgy add-ons. Not downright malware, but things users may not actually want without realizing it. The signature checking means that those who prepare the downloads can no longer use the unmodified upstream binary. Which in turn might force them not to use Mozilla brands.

Maybe this is a bit far-fetched, but after hours of staring at other people's code today, it seems pretty reasonable to me.

But what do add-on developers do? Surely there is a way to disable this somehow?

--
Florian Weimer / Red Hat Product Security