On 11/28/15 2:06 AM, Gavin Sharp wrote:
The assumption that the validator must catch all malicious code for add-on signing to be beneficial is incorrect, and seems to be what's fueling most of this thread. Validation being a prerequisite for automatic signing is not primarily a security measure, but rather just a way of eliminating "obvious" problems (security-related or otherwise) from installed and enabled add-ons generally. With add-on singing fully implemented, if (when) malicious add-ons get automatically signed, you'll have several more effective tools to deal with them, compared to the status quo.
Gavin, an "assumption that the validator must catch all malicious code for add-on signing to be beneficial" is not fueling any part of this thread. Based on this comment, it sounds like you haven't read either my original post [1] or my post to this list from a few hours ago [2]. It would be helpful if you would do so before trying to engage in this discussion.
Again, I'm not objecting to signing, automated review, or manual review on their own — I explicitly explain their benefits in my original post — but the pointlessly disruptive way they are currently implemented, which stems from faulty assumptions about the capabilities of the automated scanner.
[1] http://danstillman.com/2015/11/23/firefox-extension-scanning-is-security-theater [2] https://groups.google.com/d/msg/mozilla.dev.platform/AGW3-zSBjl8/iOZ-kYSmCQAJ
_______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
