Talk:Extension Blocklisting:Code Design

From MozillaWiki
Revision as of 06:03, 16 February 2006 by Robert Strong (talk | contribs)

What if a poison-XPI vendor just cycles the GUID with each served XPI? Spammers don't care for rules or standards and it only needs to be installed once.

Kroc 01:42, 15 Feb 2006 (PST)

Extension Manager blacklisting isn't a magic pill for all possible problems, though it does solve the problem with a malicious XPI if the ID isn't changed. It also solves the problem for extensions that have an ID that doesn't change and have security vulnerabilities, memory leaks that harm the user experience, break the app (especially extensions that have a targetApplication maxVersion that is in the future), and other cases as well. You may be interested in Bug 250854, which can prevent installation from a site that is in a blacklist, though this obviously is also not a complete solution to the potential problem that you brought up. User education to not install extensions from sources they are unfamiliar with also goes a long way to solving the problem you brought up.

Robert Strong 21:52, 15 Feb 2006 (PST)