Enrico Scholz wrote:
Owen Taylor <otaylor@xxxxxxxxxx> writes:
My feeling is if there are extensions with binary components, it makes
sense to package them, but for pure Javascript/XUL extensions, it's
probably easier to let users just install them directly into their
account for now.
Manual installation of extensions is a pain when you want the same
firefox setup in different environments (home, work, laptop). Doing
'yum install firefox-...' is much easier.
I disagree that manually typing anything is better than just clicking on
an .xpi and having it work.
Security is another issue; I trust an rpm package from an official
repository more than a lousy, unsigned xpi from an ip-only webpage
(e.g. TBP).
Trust and security are different. I don't see how security will be any
better if nobody bothers to audit the code from these extensions. We're
just assuming blame. This was discussed at the recent Mozilla
Developers Summit at MIT two weeks ago. There needs to be a better way
to handle the trust issue than there is now. It's being workedon.
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
