Jean-Marc Desperrier wrote: > Gervase Markham wrote: >> Jean-Marc Desperrier wrote: >>> You don't care *who* the owner of the cert is. What you care about is >>> if he intends to use his signing cert to distribute spyware >>> extensions. And his identity tells you nothing about that. >> >> No, but it does tell you whose door the police can go knocking on if >> he logs into your online banking and steals all your money. > > How effective has this approach been until now to block spam and spyware > ?
Well, it has nothing to do with spam one way or the other. As for spyware, it depends what type you mean. There's plenty of stuff out there that we'd call spyware which is still legal. And the stuff that isn't legal is normally installed via browser flaws, not via the user clicking "OK" on some code-signing dialog. > In real life "we'll sue" simply doesn't work to deter spyware and MoFo > just doesn't want to wage this fight as proven by this : > http://weblogs.mozillazine.org/asa/archives/2007/03/please_get_fire.html > (I mean given that you know this exist where is your action to get > judicial injunctions to make it stop ?) We have an active enforcement program, going after people who abuse our trademarks in various ways. However, charging a fee to obtain Firefox is not illegal. > But I think functional review would bring more than you might believe. > It's a significant barrier to entry if someone who wants to distribute a > spyware extension It's a significant barrier to entry for someone who wants to distribute _any_ sort of extension! > Extensions of course would not be accepted when there's already another > extension that does the same, or has so few difference that it would be > better to provide a patch to it. This would require a level of control over the extension community which we have so far been entirely unwilling to even consider, and is antithetical to our "choice and innovation" principles. Gerv _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
