[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: packaging thunderbird and firefox extensions as RPM in Fedora



On Mon, 2007-16-04 at 13:09 -0400, Christopher Aillon wrote:
> > Security is another issue; I trust an rpm package from an official
> > repository more than a lousy, unsigned xpi from an ip-only webpage
> > (e.g. TBP).
> 
> Trust and security are different.  I don't see how security will be any 
> better if nobody bothers to audit the code from these extensions.  We're 
> just assuming blame.  This was discussed at the recent Mozilla 
> Developers Summit at MIT two weeks ago.  There needs to be a better way 
> to handle the trust issue than there is now.  It's being workedon.

I'm interested in how this is being approached on the Mozilla side.  We
have similar issues with Eclipse and are trying to tackle them now.  Is
there some place I can observe this work?  I'm mainly interested in
shared installations and management with RPM.

Thanks,

Andrew

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]