packaging thunderbird and firefox extensions as RPM in Fedora

Andrew Overholt overholt at redhat.com
Mon Apr 16 17:28:16 UTC 2007


On Mon, 2007-16-04 at 13:09 -0400, Christopher Aillon wrote:
> > Security is another issue; I trust an rpm package from an official
> > repository more than a lousy, unsigned xpi from an ip-only webpage
> > (e.g. TBP).
> 
> Trust and security are different.  I don't see how security will be any 
> better if nobody bothers to audit the code from these extensions.  We're 
> just assuming blame.  This was discussed at the recent Mozilla 
> Developers Summit at MIT two weeks ago.  There needs to be a better way 
> to handle the trust issue than there is now.  It's being workedon.

I'm interested in how this is being approached on the Mozilla side.  We
have similar issues with Eclipse and are trying to tackle them now.  Is
there some place I can observe this work?  I'm mainly interested in
shared installations and management with RPM.

Thanks,

Andrew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20070416/82bd8895/attachment.sig>


More information about the fedora-devel-list mailing list