On Sat, Nov 28, 2015 at 2:06 AM, Gijs Kruitbosch <gijskruitbo...@gmail.com> wrote:
> On 27/11/2015 23:46, dstill...@zotero.org wrote:
>
>> The issue here is that this new system -- specifically, an automated
>> scanner sending extensions to manual review -- has been defended by
>> Jorge's saying, from March when I first brought this up until
>> yesterday on the hardening bug [1], that he believes the scanner can
>> "block the majority of malware".
>>
>
> Funny how you omit part of the quote you've listed elsewhere, namely:
> "block the majority of malware, but it will never be perfect".
>
> You assert the majority of malware will be 'smarter' than the validator
> expects (possibly after initial rejection) and bypass it. Jorge asserts,
> from years of experience, that malware authors are lazy and the validator
> has already been helpful, in conjunction with manual review.

Did Jorge in fact assert that as a matter of fact or as a matter of
opinion? Maybe I missed it.

This seems like an empirical question. How many pieces of obvious malware
(in the sense that once the functionality is found it's clearly malicious
code as opposed to a mistake, not in the sense that it's easy to find the
functionality) have been found by the review process? How many pieces of
obvious malware (in the sense above) have passed the review process or
otherwise been found in the wild?

-Ekr

_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform