Hacker News new | past | comments | ask | show | jobs | submit login

It's perplexing that Mozilla insists on forcing signature checks at any cost in release builds, when there is no consensus on the fundamental reason for doing so.

> Most fundamentally, the full Firefox team does not have a common understanding of the role, function, and operation of cryptographic signatures for Firefox add-ons. For instance, although there are several good reasons for signing add-ons (monitoring add-ons not hosted on AMO, blocklisting malicious add-ons, providing cryptographic assurance by chaining add-ons to the Mozilla root), there is no shared consensus on the fundamental rationale for doing so.

https://wiki.mozilla.org/Add-ons/Expired-Certificate-Technic...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: