Nils Maier wrote:
I leave out the non-relevant stuff for now and concentrate on what you really said! Assuming that the "impossible" from above would provide a solution to the problem, then we might work into this direction. Other opinions?Eddy Nigg (StartCom Ltd.) schrieb:Hypothetical question: If Mozilla or an independent organization could provide this service for free and reduce the efforts required to a minimum, would this solve the problem? Would the various applications, add-ons etc be digitally signed from then on (policy wise)?Cannot speak for everybody else, but it would solve the technical issues for me, at least to that point where I can "live" with it. I would be able to host some of my extensions myself, then signed of course. If it was easy to sign stuff then signing test versions wouldn't be a problem either, so that problem would be gone too.
I for one believe that writing and distributing software (being it core, add-on or update) brings a certain accountability with it. Additionally one wants to be sure, that installing or updating doesn't compromise the system either. Perhaps it even would protect the author and Mozilla to a certain extend. I think there was already one case where a Firefox add-on allowed a hacker access to the administrative interfaces of eBay...more to come in the future I guess!
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: [EMAIL PROTECTED] Phone: +1.213.341.0390
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
