Proposal: MailExtensions API to allow UI overlays, but no script injection

Tanstaafl tanstaafl at libertytrek.org
Mon Oct 21 15:10:30 UTC 2019


On Wed Oct 16 2019 15:05:41 GMT-0400 (Eastern Standard Time), Eyal
Rozenberg <eyalroz at technion.ac.il> wrote:
> Thunderbird + extension is just like Thunderbird + another app where
> it comes to security and such. There is no need for trust - the user
> installs the extensions s/he likes and it's totally on them.

I agree with this to a large degree, but...

> If I'm going to develop the "delete all your mail folders and send
> lots of spam messages" extension - that should install and run
> smoothly!
I disagree with this vehemently.

There should absolutely be a decently high bar that an Addon that is
submitted must reach before it is approved, and one of those bars should
be no malicious code.

That said, if it reaches that bar... ok, well, here is my argument, fwiw...

This is why I feel so strongly about supporting Web Experiments (WebExp)
permanenetly, or at least until something is pushed from the Mozilla
side of things that creates the situation where it becomes a huge
time-sink/cost of developer resources to continue supporting WebExp -
and my understanding is that there is no evidence that will ever be the
case, at least in the foreseeable future.

If devs want to save some time/resources on supporting problems caused
by AddOns using WebExp, this would be a great argument for providing two
different stable versions of Thunderbird - one with, and one without,
WebExp (it shouldn't require you to install a Dev or even a Beta
version, there should be a Release version option for either).

Push people toward the non-WebExp version. If someone wants to err on
the side of safety and/or stability, thats the version they'll install.

Have a big fat scary warning for anyone who opts to install the WebExp
enabled version to scare away those who probably shouldn't be installing
just any Addon, that explains the risks well enough to let those of use
who are willing to accept the 'risks' can do so. But allow those of us
who understand the risks and are willing to accept the consequences of
the choice.

This way, any issues with users shooting themselves in the foot as the
result of an AddOn that broke something in a bad way, can be pointed to
the page where they agreed to assume said risks.


More information about the tb-planning mailing list