So... you're saying that his discussion list is only for those running the ESR version??
Can you provide documentation for that? Interestingly, I don't even see the Enterprise list listed on Mozilla's official page of all of their lists: https://lists.mozilla.org/listinfo On 2/2/2016 1:23 PM, Mike Connor <[email protected]> wrote: > If you're running ESR, you will continue to have that option for the > foreseeable future. If you're not, I believe this thread is well off > topic for this list. > > > On Tue, Feb 2, 2016 at 9:39 AM, Tanstaafl <[email protected] > <mailto:[email protected]>> wrote: > > I didn't say it never happens. > > I said it is not nearly the problem that you or Mozilla would have us > believe. > > But that is irrelevant, because, as I already pointed out, it has been > proven that enforced signing *will not protect anyone* - all it does is > provide a *false* security blanket. > > I have no problem with making enforced signing the default. I just want > the ability to disable it without having to resort to running an > unbranded version. > > On 2/2/2016 10:56 AM, Wolf, Daniel <[email protected] > <mailto:[email protected]>> wrote: > > You don't get infected with an add-in. Your user runs malware that > installs it. > > Companies with whitelisting will obviously not have this problem. > Nor is there a central way to get a listing of add-ins, you would > only know if you looked in Firefox on every machine. > > > > AdwCleaner, a tool designed to remove browser hijacking, has been > downloaded over 38 million times. > http://www.bleepingcomputer.com/download/adwcleaner/ > > > > Here are blog posts about malicious add-ins from just the last few > months > > > > https://blog.malwarebytes.org/security-threat/2016/01/yontoo-pups-with-two-faces/ > > > > https://blog.malwarebytes.org/security-threat/2015/11/framefox-nominated-for-the-most-aggressive-eula/ > > > > https://blog.malwarebytes.org/security-threat/2015/11/dynamicpricer-pup-disables-browser-updates/ > > > > > > This is a major issue that users deal with. If you don't believe > me, you're welcome to ask Mozilla, who are the developers of Firefox. > > > > Daniel Wolf > > > > -----Original Message----- > > From: Enterprise [mailto:[email protected] > <mailto:[email protected]>] On Behalf Of Timo Pietilä > > Sent: Tuesday, February 2, 2016 12:04 AM > > To: [email protected] <mailto:[email protected]> > > Subject: Re: [Mozilla Enterprise] Add-on Signing in ESR > > > > On 1.2.2016 17:32, Tanstaafl wrote: > > > >> I have been managing a smallish (50-80 over the years) install > base of > >> both Firefox and Thunderbird since before Firefox 1.0 was released, > >> and *not once* have I encountered a user who got infected with a > >> malicious Addon. > > > > I got a bit larger user base: I distribute FF and TB for > University with about 50k students and around 7000 staff and have > been working here for about 15 years now. Not one case of malicious > add-on at that time. > > > > Timo Pietilä _______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
