On Mon, 2007-16-04 at 13:09 -0400, Christopher Aillon wrote: > > Security is another issue; I trust an rpm package from an official > > repository more than a lousy, unsigned xpi from an ip-only webpage > > (e.g. TBP). > > Trust and security are different. I don't see how security will be any > better if nobody bothers to audit the code from these extensions. We're > just assuming blame. This was discussed at the recent Mozilla > Developers Summit at MIT two weeks ago. There needs to be a better way > to handle the trust issue than there is now. It's being workedon. I'm interested in how this is being approached on the Mozilla side. We have similar issues with Eclipse and are trying to tackle them now. Is there some place I can observe this work? I'm mainly interested in shared installations and management with RPM. Thanks, Andrew
Attachment:
signature.asc
Description: This is a digitally signed message part
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
