Jean-Marc Desperrier wrote:
> Daniel Veditz wrote:
>
>> (I'm serious, by the way: we're most likely turning off XPInstall by default
>> for most sites for Firefox 1.0)
>
> It does make more sense to sign XP package.
> Site-level restriction is a problem for load repartition (isn't mozdev
> strongly overloaded?), and makes the consequence of a site hacking more
> dire.

More dire? If someone hacks a site on the user's whitelist all that can happen is that users would get today's experience -- the site can prompt them to install stuff.

> There's no justification for seeing it as more difficult than site level
> filtering.

Site level filtering is what I was talking about, and like popup blocking would probably (we're still arguing) default to blocked for sites that weren't explicitly enabled.

-Dan Veditz
_______________________________________________
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
