<div dir="ltr">Someone told me that gmail has an "unsend" function, but I can't find it.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Aug 17, 2015 at 12:45 PM, Jim Blandy <span dir="ltr"><<a href="mailto:jimb@red-bean.com" target="_blank">jimb@red-bean.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div>I wonder if there isn't a way to address everyone's concerns here:<br><br>If I were to publish a library that malware authors could use to patch the Firefox binary itself and disable the signature checking, then that would allow malware authors to install their add-ons anyway. Then the advantage of checking signatures would be negated, and Mozilla could drop the signature requirement with no impact on users' security.<br><br></div>- Mozilla would be happy: we grant users more control over the software they run.<br><br></div>- Users would be happy: they could run whatever add-ons they want.<br><br></div>- Malware authors would be happy: they would have a vector for exploitation that can almost certainly adapt to any preventative solution we develop.<br><br></div>It would be a win-win-win situation.<br><br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On Mon, Aug 17, 2015 at 11:52 AM, Mike Hoye <span dir="ltr"><<a href="mailto:mhoye@mozilla.com" target="_blank">mhoye@mozilla.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5">
<div bgcolor="#FFFFFF" text="#000000"><span>
<div>On 2015-08-17 2:49 PM, Eric Shepherd
wrote:<br>
</div>
<blockquote type="cite">
<span>»Q« wrote:</span><br>
<blockquote type="cite">
<blockquote type="cite" style="color:rgb(0,0,0);display:block">
<pre><span>> </span>My biggest problem with it is... There are a lot of rather useful
<span>> </span>"abandoned" add-ons that the authors are no longer maintaining, but
<span>> </span>they still work and are useful. When signing is enforced, they'll,
<span>> </span>sadly, be lost.
</pre>
</blockquote>
<pre>You can submit them to Mozilla for signing. See
<a href="https://groups.google.com/forum/#%21topic/mozilla.addons.user-experience/j_npWpkX5oA" target="_blank"><https://groups.google.com/forum/#!topic/mozilla.addons.user-experience/j_npWpkX5oA></a>.</pre>
</blockquote>
Whoops. I should know better than to comment before reading to the
end. Sorry about my previous message.<br>
</blockquote></span>
Perhaps obviously, if the licensing terms of an abandoned addon
permit it it would be nice if they were republished publicly.<br>
<br>
- mhoye<br>
</div>
<br></div></div><span class="">_______________________________________________<br>
firefox-dev mailing list<br>
<a href="mailto:firefox-dev@mozilla.org" target="_blank">firefox-dev@mozilla.org</a><br>
<a href="https://mail.mozilla.org/listinfo/firefox-dev" rel="noreferrer" target="_blank">https://mail.mozilla.org/listinfo/firefox-dev</a><br>
<br></span></blockquote></div><br></div>
</blockquote></div><br></div>