288 points fernandotakai | 2 comments
Communitivity ◴[] No.10040313[source]
Epic fail. Mozilla should be making the browser subsystems more secure, not saying 'Trust us, we'll ensure your add-ons are secure'.

Will the add-on's source code be reviewed by a CISSP skilled in the languages used within the add-on? Will the add-on be tested with the top 1000 add-on combinations out there? If the add-on provides an API, will it be tested using fuzzing? The list of these questions, and the others to which your answer is likely 'no', goes on. If you are not doing these things then you are providing a false sense of security. You may catch the bottom 60-80% of malware and unstable add-ons, but the most dangerous 20% will likely slip through, in my opinion.

This does not make sense from a UX perspective, as MANY others here have pointed out, so I won't go into that further. I will point out that it doesn't make sense from a business perspective either. If you are saying your add-on signing program improves security, and you let an add-on through that has malware, then you might be sued (I am not a lawyer, this does not constitute legal advice, etc.).

So to recap and summarize, with brevity, and with accuracy...

EPIC FAIL

replies(2): >>10040530 #>>10040538 #
1. TazeTSchnitzel ◴[] No.10040530[source]
The law allows people to make mistakes. You clearly have no idea what you are talking about.
replies(1): >>10044981 #
2. Communitivity ◴[] No.10044981[source]
Heh. Sure :)

You're right about law, I know little - I am not a lawyer.

I suspect there will be someone who blames their corporate data breach on Mozilla's policy, if they can make even the flimsiest case. Mozilla might win, at the cost of money, time, and bad PR. I suspect it more likely that they'd settle out of court. I'd love to hear a lawyer weigh in.

I also love how I posted on here (I seldom do) about an issue I felt passionately about, in an area that I do know a bit about, and you responded with a personal attack.

Ask yourself this, what is it you hate so much about the world, yourself, me, or my post that compelled you to personally attack a complete stranger who was donating time and thought to the discussion? Did it make you feel better? Stronger? Isn't that the very behavior you've campaigned against, elsewhere on the web?