On 05/16/2015 08:33 AM, Narcis Garcia wrote:> El 16/05/15 a les 07:51, Florian Pelz ha escrit:
On 05/15/2015 09:07 AM, Narcis Garcia wrote:How does Mozilla solve the third-party development of extensions to manage the addition and updates in addons.mozilla.org ? Is it really necessary to be a single website (the official) with the only extensions repository? Similar to app.packages, how about the PPA model apart of main/supported repositories?[…]
I was suggesting both cases to give ideas around the problem of checking all extensions and updates in extensions.gnome.org
Mozilla apparently has an add-on approval process where they check the source code [1]. The way I understand it, they also have two categories of add-ons; one reviewed and tested more cautiously and another category where they just glance over the source code, but the browser will display a warning when installing. I don't see how PPAs solve the extension review problem. From a security standpoint, users should not be encouraged to install third-party software that has not been reviewed. Extensions seem to be an easy way to spread malware if unreviewed. Besides, having a central extension repository helps making extensions known. [1] https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews
Attachment:
signature.asc
Description: OpenPGP digital signature