First, the "overly broad block" was an absolutely lazy way out, and should have been readdressed long ago.
Second, you (in the collective sense) should "remove the broad block", by all means. Posthaste.
Third, "block[ing] the known-vulnerable versions, which would require coming up with a regexp that matches only the right versions" should have been the implemented solution long ago---certainly as soon as there were new versions without the vulnerability.

As a computer programmer myself, I cannot believe that this has gone unaddressed for so long. It truly causes me to question competencies. (I do hope someone on the Dev-team knows how to create "a regexp that matches only the right versions".)

David

On Friday, July 18, 2014 3:31:53 PM UTC-5, Gavin Sharp wrote:
> > From an off-thread reply this is:
> >
> > https://addons.mozilla.org/en-US/firefox/blocked/p428
> >
> > https://bugzilla.mozilla.org/show_bug.cgi?id=636633
> >
> > We blocked all versions last year, since it was easier than trying to
> > block only the vulnerable versions
> > (https://bugzilla.mozilla.org/show_bug.cgi?id=636633#c8). There have
> > since been versions released that apparently have no known
> > vulnerabilities.
> >
> > It's not clear why some people in the bug are so up in arms about the
> > overly broad block - is the plugin actually useful in ways we weren't
> > aware of, or do people just not like seeing the "blocked" message
> > unnecessarily?
> >
> > With click to play on by default we could probably remove the broad
> > block, but we'd want to still block the known-vulnerable versions,
> > which would require coming up with a regexp that matches only the
> > right versions.
> >
> > Gavin
> >
> > On Fri, Jul 18, 2014 at 11:17 AM, Gavin Sharp <ga...@gavinsharp.com> wrote:
> > > Which warning are you referring to exactly? Do you have a screenshot?
> > >
> > > Gavin
> > >
> > > On Fri, Jul 18, 2014 at 5:48 AM, JW Clements <m...@jwcca.com> wrote:
> > >> The issue was resolved by Oracle some time ago.
> > >> Continued display of this message is disconcerting to some people and
> > >> unwarranted.
> > >> It was a good thing when the vulnerability was first discovered but it's
> > >> now a bad thing.
> > >>
> > >> Could some dev pick this up and clear that message?
> > >>
> > >> Thanks
> > >>
> > >> _______________________________________________
> > >> dev-platform mailing list
> > >> dev-platform@lists.mozilla.org
> > >> https://lists.mozilla.org/listinfo/dev-platform
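
The thread turns on "a regexp that matches only the right versions". The sketch below is an added example, not part of any message in this thread and not Mozilla's blocklist code: it compares a block-everything pattern, a hand-written unanchored pattern, and an anchored pattern generated from an explicit range. All version numbers are constructed, and it assumes the blocklist tests the pattern against the plugin's reported version string.

```javascript
// Added example: every version number here is constructed and does not
// describe the real vulnerable range of any plugin.

// Escape regex metacharacters so "." in a version matches only a literal dot.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Build an anchored pattern for versions `${prefix}.${n}` with lo <= n <= hi.
// The range is enumerated explicitly: longer than a digit-class pattern, but
// easy to audit, which matters for a blocklist entry.
function vulnerableVersionPattern(prefix, lo, hi) {
  if (!Number.isInteger(lo) || !Number.isInteger(hi) || lo < 0 || hi < lo) {
    throw new RangeError("invalid range");
  }
  const alts = [];
  for (let n = lo; n <= hi; n++) alts.push(String(n));
  return "^" + escapeRegex(prefix) + "\\.(?:" + alts.join("|") + ")$";
}

function isBlocked(pattern, version) {
  return new RegExp(pattern).test(version);
}

const BROAD = ".*";          // blocks every version, fixed ones included
const NAIVE = "10.2.[0-4]";  // unanchored, unescaped dots, one-digit class
const TARGETED = vulnerableVersionPattern("10.2", 0, 44);

// Evaluate each pattern against each version for side-by-side comparison.
function compare(versions) {
  return versions.map((v) => ({
    version: v,
    broad: isBlocked(BROAD, v),
    naive: isBlocked(NAIVE, v),
    targeted: isBlocked(TARGETED, v),
  }));
}

// Constructed sample: 10.2.0 through 10.2.44 are treated as vulnerable.
const SAMPLE = ["10.2.0", "10.2.5", "10.2.44", "10.2.45",
                "10.2.440", "10.20.3", "11.0.1", "110.2.3"];
console.table(compare(SAMPLE));
```

The naive pattern fails in both directions: it misses 10.2.5 (inside the vulnerable range) and blocks 10.2.45 and 110.2.3 (outside it), which is why the pattern should be anchored and checked against both vulnerable and fixed versions before it replaces a broad block.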