Update:Requirements/LegalAndReview

From MozillaWiki

Posted by cbeard and dveditz.

FOR FEEDBACK AND REVIEW

Mozilla Policies & Legal Requirements

V0.2

All Extensions and Themes hosted by mozilla.org must meet certain standards for quality and security, consistent with the Mozilla brand and reputation.

We enforce these standards through a variety of means, including:

  1. Requiring all individuals, groups, and companies to agree to the terms of the Mozilla Software Publishing Agreement before any Extension, Theme, or Plugin is hosted.
  2. Providing a reporting mechanism on all hosted software allowing users to report potential copyright infringement or malicious code. [1]
  3. Automated and manual review of all code to ensure code complies with the Mozilla Software Integrity Guidelines. [2]

Notes:

[1] We can accomplish this by adding a "Report Spyware" or similar link that creates a database entry, files a Bugzilla bug, or posts to a mailing list, so that we can follow up when we see multiple or credible reports, or someone doing something Evil.

[2] In addition to review by the UMO admins, we can also provide a "View Source" link in the online entry so that people can read the code through some form of lxr interface without having to install the .XPI.

Mozilla Software Publishing Agreement

V0.0

Under development with the legal group. Similar in setup to how we manage CVS access, but with additional requirements to limit liability and to confirm who the publisher is.

Mozilla Software Integrity Guidelines

V0.2

Above all else, an Extension or Theme hosted by mozilla.org must not do anything that compromises the integrity or security of the end user. It must not do anything Evil. There must be no doubt that it does only what it advertises. UMO admins will have wide discretion and authority to make subjective judgments on the integrity of any software submitted for hosting.

  1. All hosted software must be in an acceptable source format. It does not have to be open source, but it must be licensed such that the code can be viewed and read by both mozilla.org staff and potential end users.
  2. A Privacy Policy must be displayed and agreed to by the end user during installation if the software collects (e.g. keystroke logging, network monitoring) or disseminates user data, or if it makes network connections beyond user-initiated normal browsing. [1]
  3. All hosted software must:
    1. Not specify an update URL. addons.mozilla.org is used automatically when there is no updateURL.
    2. Be useful and of high quality
    3. ...
  4. All hosted software must not:
    1. Change any update URLs of Firefox or of any other application, Theme, Extension or Plugin
    2. Change any browser setting without explicitly notifying the end user and getting permission by way of a dialog
    3. ...
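The two update-URL rules above (no updateURL in the package's own manifest; no tampering with anyone else's update URL) are the kind of thing the automated review mentioned earlier can check mechanically. The script below is an added example, not part of this policy page or of the UMO tooling: it opens an .XPI (a zip archive), looks for em:updateURL in install.rdf, and scans the bundled .js files for strings that look like an update preference name being set. The pattern "<something>update<something>.url" and the sample packages, including the "app.update.url" preference and all names and addresses in them, are assumptions constructed for the example.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespace used by Firefox's install.rdf for extension metadata.
EM_NS = "http://www.mozilla.org/2004/em-rdf#"

# Heuristic (an assumption of this example, not a rule from the policy text):
# a quoted preference name of the form <prefix>update<suffix>.url being passed
# around in script is treated as an attempt to change an update URL.
UPDATE_PREF_RE = re.compile(r'["\']([\w.-]*update[\w.-]*\.url)["\']')


def manifest_update_url(install_rdf):
    """Return the em:updateURL from install.rdf, or None if it is not set.

    install.rdf is RDF/XML; updateURL may appear as a child element
    <em:updateURL>...</em:updateURL> or as an em:updateURL="..." attribute.
    """
    root = ET.fromstring(install_rdf)
    tag = "{%s}updateURL" % EM_NS
    for el in root.iter():
        if el.tag == tag and el.text and el.text.strip():
            return el.text.strip()
        val = el.attrib.get(tag)
        if val:
            return val
    return None


def find_update_pref_writes(name, source):
    """Return one finding per source line that names an update preference."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = UPDATE_PREF_RE.search(line)
        if m:
            findings.append("%s:%d sets update preference %s" % (name, lineno, m.group(1)))
    return findings


def review_xpi(xpi_bytes):
    """Return the list of violations found in the package (empty list = passes)."""
    violations = []
    with zipfile.ZipFile(io.BytesIO(xpi_bytes)) as z:
        names = z.namelist()
        if "install.rdf" not in names:
            return ["install.rdf missing: not a valid extension package"]
        url = manifest_update_url(z.read("install.rdf"))
        if url is not None:
            violations.append("install.rdf specifies updateURL %s (must be omitted)" % url)
        for name in names:
            if name.endswith(".js"):
                src = z.read(name).decode("utf-8", errors="replace")
                violations.extend(find_update_pref_writes(name, src))
    return violations


def build_xpi(files):
    """Build an in-memory .XPI (zip) from a {path: bytes} mapping; used for the samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample manifests: the first omits updateURL, the second sets it.
GOOD_INSTALL_RDF = b"""<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>example@example.invalid</em:id>
    <em:version>1.0</em:version>
    <em:name>Example Extension</em:name>
  </Description>
</RDF>
"""

BAD_INSTALL_RDF = GOOD_INSTALL_RDF.replace(
    b"</em:name>",
    b"</em:name>\n    <em:updateURL>http://updates.example.invalid/update.rdf</em:updateURL>",
)

# Constructed default-preferences file that overrides an update URL preference
# (the preference name is an assumption for the example).
BAD_PREFS = b'pref("app.update.url", "http://updates.example.invalid/app.xml");\n'


def demo():
    """Review one clean and one non-compliant package; returns both result lists."""
    clean = build_xpi({"install.rdf": GOOD_INSTALL_RDF,
                       "chrome/content/main.js": b"var enabled = true;\n"})
    bad = build_xpi({"install.rdf": BAD_INSTALL_RDF,
                     "defaults/preferences/prefs.js": BAD_PREFS})
    return review_xpi(clean), review_xpi(bad)


if __name__ == "__main__":
    for result in demo():
        print(result or "no violations")
```

The manifest check is exact; the preference scan is a string heuristic and will miss a script that assembles the preference name at run time, so it is a triage aid for the manual review, not a replacement for it.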

Notes:

[1] Perhaps we accomplish this with some sort of easy-to-use rating system, with visual cues for what different software does, as there are certainly legitimate uses, like, say, the Amazon browser.