[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: packaging thunderbird and firefox extensions as RPM in Fedora

Enrico Scholz wrote:
Owen Taylor <otaylor redhat com> writes:

My feeling is if there are extensions with binary components, it makes
sense to package them, but for pure Javascript/XUL extensions, it's
probably easier to let users just install them directly into their
account for now.

Manual installation of extensions is a pain when you want the same
firefox setup in different environments (home, work, laptop). Doing
'yum install firefox-...' is much easier.

I disagree that manually typing anything is better than just clicking on an .xpi and having it work.

Security is another issue; I trust an rpm package from an official
repository more than a lousy, unsigned xpi from an ip-only webpage
(e.g. TBP).

Trust and security are different. I don't see how security will be any better if nobody bothers to audit the code from these extensions. We're just assuming blame. This was discussed at the recent Mozilla Developers Summit at MIT two weeks ago. There needs to be a better way to handle the trust issue than there is now. It's being workedon.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]