On Thu, Feb 12, 2015 at 09:54:16AM -0500, Miloslav Trmač wrote: > > or simply exempt signature checking if > > the extension is on disk. They should check on download only. > > That would defeat the entire purpose; malware is very commonly > sideloading extensions.
If we only exempt extensions installed by RPM it is reasonable to assume that our new package review process would have validated there is no malware present. Our package review process is serving the same kind of purpose as Mozilla's extension review & signing process. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- devel mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
