On 2014-04-20 12:53, Andrew Sillers wrote:
Without further comment, I'll call out:
* the FAQ entry on this topic:
https://www.eff.org/https-everywhere/faq#amo
This one doesn't seem to make sense to me. The Mozilla privacy policy
would only apply to Mozilla possibly keeping track of who downloads the
add-on, but wouldn't automatically make the add-on start intruding on
privacy somehow, would it?
More importantly, if a user is happy with a less restrictive privacy
policy, what's the problem?
* the extant discussion on this topic in the bug tracker:
https://trac.torproject.org/projects/tor/ticket/9769
While the approval process is a factor, having some code in the rulesets
that says "Do not apply this rule to versions below 'x'" should negate
the issue of time-sensitive rules, save for the fact that an
incompatible rule simply won't run until the extension is updated. A
small price to pay for making this easy and safe for users.
As far as signing, the ruleset update signing has already been discussed
and can still be done separate from rule updates using EFF's key.
It ultimately may not be as simple as just uploading to Mozilla and
being done with it, but it's pretty close to that and it's not as though
EFF is releasing frequent enough updates for Mozilla's slight delay to
be a significant factor, at least IMO.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
_______________________________________________
HTTPS-Everywhere mailing list
[email protected]
https://lists.eff.org/mailman/listinfo/https-everywhere
