[Project_owners] XPI install still vulnerable to MITM attacks on mozdev.org

Pete Collins pete at mozdevgroup.com
Wed Jul 18 05:44:12 PDT 2007


> and the one most easily supported without requiring developers 
>get code-signing certs.
>  
>
>
If you are serious about security and your extension/add-on, then you 
would get a code signing cert.

The best protection we have right now for extension security is to sign 
them.

--pete

-- 
Pete Collins - Founder, Mozdev Group Inc.
www.mozdevgroup.com
Mozilla Software Development Solutions
tel: 1-719-302-5811
fax: 1-719-302-5813



More information about the Project_owners mailing list