Quoth Tom Ritter: > This makes it harder for someone to compromise your account, but not > Google. In the Android App store, it's a *little* stronger, as apps > are signed by a developer key, and they need that key to update. > Except if Google really wanted they could push down an update to > bypass that. It'd be more work though.
Can you definitely not sign extensions with a private key? I know you used to be able to; I remember writing code to do that a year or two ago. Could you then force the extension to check the key before updating itself? Probably not, it's probably well outside of the extension's control, and besides, if you're worried about an evil google, hey, they control the browser, so you've already lost. Nick -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.