When you blatantly violate the IP of a well-trusted dev, posing as a third party and successfully tricking Apple, yeah, you are a pretty big data point. You can't call CloudStrike an anecdote.
My bigger intention is to fight the idea that automated solutions are necessarily better than inept human-reliant ones. Firefox doesn't even have remotely Apple's scale or revenue to work with - who seriously expects Mozilla to do better than them?
I'm not sure, if Moz revenue is something like 600 m and the CEO makes 7 m while Apple's revenue is something like 400 b and the CEO made 63 m. You get something like 7/600 vs 63/400000?
Then Mozilla should do at least 1000 times better even if it is just a forgotten side project like Firefox?
uhhh what were we talking about again... ah right extension reviews.
Well, just let the developer pay for 50 different tiers of review with prices scaling with the size of the code base or upgrade. Display the level of scrutiny on the extension page, have a donate to the cause button so that funds contribute only to reviews.
If you've installed any extensions you should regularly be made aware of the security risk and have a nice overview of the level of hazard and fund raising efforts.
If you've reached a high level of security further upgrades will either be expensive or install should be discouraged.
In the same place the developer can explain how urgent or useful the upgrade is and users can donate to bring the patch up to the desired level.
Code changes can be displayed with public discussion. This will be useful for doing the different reviews as cheaply as possible. Let there be bidding wars.
In addition there should be an extremely granular permission system that triggers dialogs in an amount sensible for the review level. Developers should be allowed to buy reviews for tiny functions that accurately define permission requests.
For example: Rather than full access to all pages I want access to all links pointing at example.com and I want to fetch the title of the pages on example.com. Or say: I don't want access to the entire internet but only to things in valid RSS or Atom format.
Seems a sensible solution to me and I don't even know anything.
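The narrowly scoped grant proposed in the comment above (only links pointing at example.com, and the title only of pages on example.com), sketched as an added example that is not part of the thread or of any browser's extension API. `resolveIfAllowed`, `scopedView` and the sample pages are hypothetical and constructed; exact-host matching (no subdomains) is an assumption.

```javascript
// Added illustration; every name here is hypothetical, not a browser API.
const ALLOWED_HOST = "example.com";

// The "tiny function" a reviewer would audit: resolve href against the page URL
// and return the absolute URL only if it is http(s) on exactly ALLOWED_HOST.
function resolveIfAllowed(href, baseUrl) {
  let u;
  try {
    u = new URL(href, baseUrl);
  } catch {
    return null; // unparseable, or relative with no base
  }
  if (u.protocol !== "https:" && u.protocol !== "http:") return null;
  // Compare the parsed hostname; substring checks would accept look-alikes.
  return u.hostname === ALLOWED_HOST ? u.href : null;
}

// Broker between page and extension: the extension only ever receives this view.
function scopedView(page) {
  const links = page.links
    .map((href) => resolveIfAllowed(href, page.url))
    .filter((href) => href !== null);
  // The title is released only when the page itself is on the allowed host.
  const title = resolveIfAllowed(page.url) !== null ? page.title : null;
  return Object.freeze({ links, title });
}

// Constructed sample pages.
const foreignPage = {
  url: "https://news.test/story",
  title: "Private inbox (3)",
  links: [
    "https://example.com/a",
    "/local",                          // resolves to news.test
    "//example.com/b",                 // scheme-relative, resolves to example.com
    "HTTPS://EXAMPLE.COM/c",           // parser lowercases scheme and host
    "https://example.com.evil.test/a", // look-alike suffix
    "https://example.com@evil.test/",  // example.com is userinfo, not host
    "https://evilexample.com/",        // look-alike prefix
    "mailto:x@example.com",            // not http(s)
  ],
};
const allowedPage = {
  url: "https://example.com/post",
  title: "Hello",
  links: ["/about", "https://other.test/"],
};

console.log(scopedView(foreignPage));
console.log(scopedView(allowedPage));
```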