Heikki Toivonen wrote:
> Now the way I see the way forward is: code. Or if you can't code,
> recruit coders to work on some promising anti-phishing feature.
And this is my problem.
I know code talks, and I think there are some ideas out there which
absolutely are _not_ the right thing to put into Firefox. However, as
luck would have it, those ideas often are suggested by people who
actually have time to implement them.
Therefore, I spend a lot of time trying to explain why these ideas are
not good, and why their supporters should not try and get them into
Firefox, because I'm very afraid that one day the Firefox developers
will collectively look up and say "aargh! let's do something about
phishing", and check in the most complete implementation of something
out there, whatever it does.
And, once you've added a security feature, it's extremely hard to take
it out. Consider the lock in the URL bar, which I believe is a mistake
now that we've decided the URL bar isn't permanent - it's a UI
duplication which can confuse users. However, we probably can't remove
it. It's not like non-UI code - bad stuff can't be incrementally
replaced with good stuff.
Therefore I spend a lot of time writing up my point of view, and arguing
for it - and so I don't spend very much time coding. It's a vicious circle.
Gerv
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
