[Project_owners] You are all wasting your time on mozdev.org...

Michael Vincent van Rantwijk, MultiZilla mv_van_rantwijk at yahoo.com
Mon Nov 19 17:04:24 PST 2007

Axel Hecht wrote:
> Robert Kaiser wrote:
>> Eric H. Jung wrote:
>>> --- Robert Kaiser <KaiRo at KaiRo.at> wrote:
>>>> If the review times
>>>> there discourage you, then what you should do is help that situation by
>>>> taking part in the review process
>>> I don't agree. Participating in the review process means sacrificing 
>>> time towards developing
>>> addons. There is a large audience of people who want to develop in 
>>> their limited free time, not
>>> review. Other alternatives to your suggestion:
>>> 1. Push for AMO to change its review process
>>> 2. Publish your addons to both AMO and another site (e.g., mozdev)
>>> 3. Ignore AMO
>>> ...and I'm sure there are some I've missed.
>> The review process ensures that all add-ons available from that site 
>> are usable, reasonable quality and not malware, which the uncontrolled 
>> process of most other sites can't even nearly guarantee. Of course, 
>> that process also comes with the cost of being slower.
>>> As I wrote earlier, mozdev is most definitely the prime entry point 
>>> for users downloading *some*
>>> extensions/addons. The addon author is free to use mozdev in this 
>>> way, so it's unclear to me why
>>> you claim mozdev isn't "designed to be that". How is it that you 
>>> decide what mozdev is designed
>>> for and what it isn't?
>> What I decide is that we don't link mozdev but AMO as the "Add-Ons" 
>> link on the SeaMonkey project website.
>> This is because mozdev is not a general normal-user entry point for 
>> downloading Add-Ons, while AMO is designed to be just that.
>> Some mozdev project pages may very well be designed for download of 
>> one or even a handful of add-ons, but not as a general entry point for 
>> any kind of add-on. And what we link needs to be something like that.
>> We surely want to link resources where people can get other add-ons, 
>> but not as a link on the front page or the main menu, probably either 
>> on our community page or in the documentation section of the website. 
>> And that is all the original discussion on mozilla.support.seamonkey 
>> (which Michael partly cited) was about.
>> Robert Kaiser
> What Robert said, and in addition:
> If mozdev.org ever became a resource directly exposed to end-user, it 
> would instantly fall over its feet. 

So who handled all download before AMO, right that was mozdev.org

> AMO doesn't stumble just because it 
> wants to, but because it's the primary attack surface to a significant 
> part of the internet population, and that just takes some compromises.

"a significant part of the internet population"  Huh?  We're talking 
about SeaMonkey here, remember?  Unfortunately still with a much smaller 
user base world wide.  This is so not about Mozilla Firefox!

> Right now, mozdev.org enjoys security through obscurity, that is, nobody 
> has to worry about the download links here because they're just 
> undiscoverable. Would any project lead out there, say, mconnor or the 
> SeaMonkey council, decide to change that, mozdev.org as we know it would 
> fail. Instantly. Badly. It could easily fail beyond the scope of 
> mozdev.org.
> Axel

AMO itself wasn't secure for a long time.  Also, these hashes are only 
added recently, right, so do you really think that this review process 
will cure everything?  It might be good, be it too slow, but don't make 
it look like big mama's secure was all that good, because that is a 
bogus claim... and you know that don't you?

Michael Vincent van Rantwijk
- MultiZilla Project Team Lead
- XUL Boot Camp Staff member (ActiveState Training Partner)
- iPhone Application Developer

More information about the Project_owners mailing list