Talk:Extension Blocklisting:Code Design: Difference between revisions
Add topicThere are no discussions on this page.
|
|
| (One intermediate revision by the same user not shown) |
| Line 1: |
Line 1: |
| What if a poison-XPI vendor just cycles the GUID with each served XPI? Spammers don't care for rules or standards and it only needs to be installed once.
| |
| :[[User:Kroc|Kroc]] 01:42, 15 Feb 2006 (PST)
| |
|
| |
|
| Extension Manager blacklisting isn't a magic pill for all possible problems though it does solve the problem with a malicious XPI if the ID isn't changed. It also solves the problem for extensions that have an ID that doesn't change and have security vulnerabilities, memory leaks that harm the user experience, break the app (especially extensions that have a <tt>targetApplication</tt> <tt>maxVersion</tt> that is in the future), and other cases as well. You may be interested in [https://bugzilla.mozilla.org/show_bug.cgi?id=250854 Bug 250854] which can prevent installation from a site that is in a blacklist though this obviously is also not a complete solution to the potential problem that you brought up.
| |
| :[[User:Robert Strong|Robert Strong]] 21:52, 15 Feb 2006 (PST)
| |
Latest revision as of 19:35, 2 March 2006