canmove, Confirmed users, Bureaucrats and Sysops emeriti
2,776
edits
ChannelSwitching/ChannelSwitchingFeature: Difference between revisions
Jump to navigation
Jump to search
ChannelSwitching/ChannelSwitchingFeature (view source)
Revision as of 19:14, 19 April 2011
, 19 April 2011→Security Review
No edit summary |
|||
| Line 99: | Line 99: | ||
== Security Review == | == Security Review == | ||
Date Discussion occurred: 2011.04.14 | |||
Security Concerns: | |||
Possible broken update process | |||
User could be deceived into switching channels and be stranded without a way to a usable version | |||
An add-on could be created to modify channel preferences | |||
Responses to concerns: | |||
Initial implementation is that Aurora users can go to beta, others can not | |||
Furthest back a user could go is the release channel | |||
Users can still opt-out of all updates (user choice even if not advisable) | |||
UI is a XUL window that is not mapped to an "about:" | |||
Channel info is stored in a preference that once applied is removed | |||
All existing channels are hard coded, thus a be build required to add or remove channels | |||
Add-on verification process will need to be modified to check for possible preference changing | |||
Outstanding but not security issues at this time: | |||
Channel names are not localizable at this time | |||