> >> Also, are there signing capabilities for xpis? How do I find out about that? > > > > we'd like to do so in the future. > > > > There are some usability issues to work out > > Well, the usability of > - downloading xpi > - downloading external sig > - checking both with PGP/GPG > - Installing by loading the xpi in the browser > isn't perfect either :). > > > and we have to figure out what to do if PSM isn't present. > > Display warning in the confirmation box (which is displayed anyway) that > you cannot verify the source. > > re: above - sounds good to me ! would really love this in the absence of a custom built installer
