Hacker News
by c64ec30650ea3c4 2606 days ago
I'm shocked and surprised to find out that Mozilla is using EXPIRING certificates for this. It requires them to continuously take action to prevent all addons from breaking, which will eventually fail (like it did).

Firefox has a pretty robust update system and everyone is used to frequent updates. Why don't they instead have a revocation system built into updates? That way they would have to take action to disable malicious addons, and the good ones could go on working forever.

Is there something about this idea that is so much worse than what happened today?

1 comment

You are right. It doesn't make any sense to use certificates for this kind of stuff.

If an extension turns out to be malicious, you simply deactivate it in the store, and then proactively deactivate the existing installs. This is how Chrome is doing it.

But having a certificate does offer Mozilla the feeling of absolute control, which seems to be of primary importance for them nowadays.

This is probably the reason release and beta users are not even allowed to deactivate signing in the about:config settings.