On 02/07/2010 09:11 PM, Daniel Veditz:
> The unreviewed addons should go on a completely separate site and not show up in AMO search results, just as Firefox "experimental" nightly builds aren't available from the product pages on mozilla.com.
Makes sense.
> An analogy I've used before: if you went to your favorite bakery and they were offering "experimental" muffins you might expect them to taste bad. You would not expect them to be laced with heroin because the shop is giving shelf space to anything dropped off at the back door by who knows who. "experimental" does not cover it.
Another question is, how thorough is any review Mozilla performs? And with such a review and offering to download the extensions from one of the official Mozilla web sites, Mozilla effectively takes on responsibility and a certain liability. Perhaps a valid question is whether Mozilla wants to or should do that.
And why not off-load at least some of that burden to proper identity and/or organization validation? I would feel more comfortable if I knew that the developer could be tracked to a legal identity in case of intentional misuse.
--
Regards

Signer: Eddy Nigg, StartCom Ltd.
XMPP: [email protected]
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
