packaging thunderbird and firefox extensions as RPM in Fedora
Christopher Aillon
caillon at redhat.com
Mon Apr 16 17:09:34 UTC 2007
Enrico Scholz wrote:
> Owen Taylor <otaylor at redhat.com> writes:
>
>> My feeling is if there are extensions with binary components, it makes
>> sense to package them, but for pure Javascript/XUL extensions, it's
>> probably easier to let users just install them directly into their
>> account for now.
>
> Manual installation of extensions is a pain when you want the same
> firefox setup in different environments (home, work, laptop). Doing
> 'yum install firefox-...' is much easier.
I disagree that manually typing anything is better than just clicking on
an .xpi and having it work.
> Security is another issue; I trust an rpm package from an official
> repository more than a lousy, unsigned xpi from an ip-only webpage
> (e.g. TBP).
Trust and security are different. I don't see how security will be any
better if nobody bothers to audit the code from these extensions. We're
just assuming blame. This was discussed at the recent Mozilla
Developers Summit at MIT two weeks ago. There needs to be a better way
to handle the trust issue than there is now. It's being workedon.
More information about the fedora-devel-list
mailing list