|
|
|
|
|
|
by jrkatz
2988 days ago
|
|
|
The signature doesn't have to be from the developer; it could be a signature from google that marks the extension was compiled from/matches the specified source. If you're running chrome and installing extensions from the chrome web store you're trusting google already. As evinced by the article, the web store isn't perfectly trustworthy but this kind of validation could be done automatically and I do trust their ability to automate. |
|
|