Re: Firefox addon signing

On Thu, 2015-02-12 at 18:19 +0100, Florian Weimer wrote:
> On 02/12/2015 04:53 PM, Simo Sorce wrote:
> > On Thu, 2015-02-12 at 09:54 -0500, Miloslav Trmač wrote:
> >>> or simply exempt signature checking if
> >>> the extension is on disk. They should check on download only.
> >>
> >> That would defeat the entire purpose; malware is very commonly sideloading extensions.
> > 
> > Malware can easily binary patch firefox to ignore verification,
> 
> Windows has Authenticode, which may change the equation somewhat.
> 
> > I do not
> > think trying to defeat sideloading with this kind of verification makes
> > much sense.
> 
> Maybe it is only about preventing people from bundling the official
> Firefox version with dodgy add-ons.  Not downright malware, but things
> users may not actually want without realizing it.  The signature
> checking means that those who prepare the downloads can no longer use
> the unmodified upstream binary.  Which in turn might force them not to
> use Mozilla brands.
> 
> Maybe this is a bit far-fetched, but after hours of staring at other
> people's code today, it seems pretty reasonable to me.
> 
> But what do add-on developers do?  Surely there is a way to disable this
> somehow?

Mozilla stated they will have to use the Developer Version (Aurora was
the name?) or the nightlies ...

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




