[Project_owners] XPI install still vulnerable to MITM attacks on mozdev.org
Pete Collins
pete at mozdevgroup.com
Wed Jul 18 05:44:12 PDT 2007
> and the one most easily supported without requiring developers
>get code-signing certs.
>
>
>
If you are serious about security and your extension/add-on, then you
would get a code signing cert.
The best protection we have right now for extension security is to sign
them.
--pete
--
Pete Collins - Founder, Mozdev Group Inc.
www.mozdevgroup.com
Mozilla Software Development Solutions
tel: 1-719-302-5811
fax: 1-719-302-5813
More information about the Project_owners
mailing list