On Thu, Feb 12, 2015 at 09:54:16AM -0500, Miloslav Trmač wrote:
> or simply exempt signature checking if
> the extension is on disk. They should check on download only.
That would defeat the entire purpose; malware is very commonly
sideloading extensions.
If we only exempt extensions installed by RPM it is reasonable to assume
that our new package review process would have validated there is no
malware present. Our package review process is serving the same kind of
purpose as Mozilla's extension review & signing process.
Regards,
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|