-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric H. Jung wrote: > I agree with Michael that code-signing is the same as vouching that the > extension is non-evil. It simply ensures that the code hasn't been tampered > with.
I agree, and project owners using such MDO certificate should have some sort of statement on their download/installation page about it, no? > I'll open a bugzilla bug on it to track it, if you want? Yes, I think we need one for tracking progress. > It sounds like the timing is bad. Timing is always bad it seems ;) p.s. code signing was originally planned by MDO, but was later dropped for unknown reasons (unknown to me/or I just forgot why). /HJ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (MingW32) iD8DBQFFOva6Rrb6S73JMeYRAuw+AKCHnCKr2txXNZGxCDqdvVzcex0GUwCgkcZF TFMWdM9Q9VbRV+pgD9TV5MY= =BuGh -----END PGP SIGNATURE----- _______________________________________________ Project_owners mailing list [email protected] http://mozdev.org/mailman/listinfo/project_owners
