|
|
|
|
|
|
by user17843
2605 days ago
|
|
|
Imho, making it available via about:config switch would be entirely sufficient. There are dozens of settings that already affect security, like ssl handling, safe browsing, firstparty isolation, and tracking protection. But where is the evidence that malware has ever switched off safebrowsing for example? Your entire premise of extension signing and AMO store moderation rests on the premise that this is actually helpful for keeping extensions safe, but then you say nothing is safe. There is only one gateway for malware to change the about:config settings in the first place, and that is through your signed extension process. How safe should things be? Edit: Maybe you could allow disabling the signing process via enterprise policies under the condition that the about:config settings are locked, which in my understanding would make it basically impossible for extensions to change anything. Would that help make it more secure? |
|
|