-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> The "make firefox" rule uses wget to get a few files.  Is this because you 
> don't want to distribute signatures on Github?  Ideally, it would use local 
> files only.
I was referring to the HTTPS statement. I'd like to deepen this statement.
There are signatures and I also think that the GitHub clone reduce the 
complexity. I agree that the latter will be the default. However HTTPS is used 
both in the clone and in the process to get my public key.

>  Well, it crashed my machine... I had to reboot the whole thing.  It would be 
> nice if it did something more graceful when presented with 20 links at the 
> same time, even if it is just asking for confirmation.
Why 20? Why not 10, 30 or other numbers? However to avoid DOS attacks, very 
plausible, is useful to have a maximum requests per second. When this limit is 
reached the extension blocks other request and warns the user. This is a vital 
feature.. ;)
> Also, I think your tool could be quite useful for several different use 
> cases.  Perhaps it's better to have the default configuration being 
> unobtrusive, but allow the user to switch on more defenses if they like.
I think that the opposite is better.  *The user* sets as default "Open here 
mode" (not secure), and then, trough Quick Settings, it could switch to 
"redirection mode". Quick Settings has to be very flexible.
More secure default, is better.. I repeat: the extension did its job.
However why do you not whitelist these (20+) URLs (or related domains), if you 
consider them trustworthy?

> (I think this idea needs a bit more thought!)
I agree. It's something not, principally, related to this extension. I'm also 
waiting to try the stable 4.0.

Best Regards,
Raffaele.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE9bU8N8AgwMcjiC1xjTxG+6f1ce4FAlp3Qf4ACgkQjTxG+6f1
ce7BnhAAwF/AY+45vN0w7bnRTv2Db5p6sHwDphKJ0zodyHOdvVb6oUyt6JFkHvbA
u/xsZflBRhZr82u2B+17//lyazXjBN3JiZkDPhKyDie0frlS/4YtTu8W2hNorzOu
lW3QFvie9qsPyPjSqtgUijS7nkPguXCDnbPmYPnnYQLyubI7MOVKD8E+ePW5WAdj
E1lMZvSRot47oB7I7RvCzo1tqSDj6pb72JlTFL1OARYQqyKV5kMOnDOFi4mONCat
tt+u3dMgEm4eQ7k+Y3PEVLmLcw9p2RYawRsF8n+8RZHdCHc1UTpL2hwvii+Um0jW
kggj5GA83wTn6q+4xf4TkVulPMZX9lYagp4Lv3KvQjAxL+Gw+HFhOY9ryREKLcSs
O8hX1VbZBDIk2y2A76+x3AhGPqlpoAzDAKcti9au9ftUw7lbTpZMDTp79DqJiHLD
TAcNmk5xvzzj9yJiswSVff5ykf51ogFVndQpzKxfgwGOqoZtx7w69v46nCp9dnjx
qVD193N5MAlm9ewvGAwYReepcNW0rpBhP69dTzuYFGQzQ5t72ip6Jr7YWa9ReYf2
e3eBzs4jyx9Bsm6IzP0kphcWwp4goxlymnm/Bwa1Knx9RdpZzekVo46ujiC6SZI6
Npbmf5EYLtYqFLXdujuva8CBg1jbBfUSpvBP0KQMov8E9RiEk+s=
=lITa
-----END PGP SIGNATURE-----

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-devel+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-devel@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-devel/4RuL5V-Z2zYXtQHBzASIEQrJWZaKhYPSjioYTd3EqMQmfmfGaKaP5NdnPAQeYd4-TnnB8fceaemTSqB0DxRwNFKVrh6BUH0JhsxrpOYzzgs%3D%40protonmail.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to