[conspire] Mandatory code-signing is for your protection

Rick Moen rick at linuxmafia.com
Sat Dec 19 18:13:43 PST 2020


Quoting Paul Zander (paulz at ieee.org):

> But what can go wrong?  Isn't there a guard with a photo book that has
> been updated to now include Bonnie and Clyde?  Seriously I suspect
> break-ins will not stop until at a minimum there is a staff of white
> hackers who have full access to read source code and permissions to
> try all sorts of things and lastly these people need to be well
> rewarded when they do find a third story window that was not locked. 

The point is:  Mozilla Corporation justified mandatory corporate signing
of all extensions starting in 2016 (for Firefox 48 and later) by saying
"Hey, this way, we can make sure you don't get malware infiltrated via
Firefox extensions, so quit your bitching about software freedom."

Here we are, after they rolled out that restriction of their users'
freedom, and -- wow! -- three million Chrome users got Mozilla-signed 
extensions conveying Mozilla-signed malware. 

Hey, thanks, Mozilla Corp.  Everyone is obviously _so_ much better off
from having their ability to run code of their own choosing in a
supposedly open source Web browser cancelled by you guys.

Anyway, the you-can-run-only-what-we-permit thing is, IMO, one of the
best reasons to consider Firefox no longer fully open source (since
2018's version 48), and give alternatives including Chromium a good
look.  (At that point, it'd also be worth weighing other _proprietary_
competitors, since if you're abandoning open source then those are
logically in play as well.)




More information about the conspire mailing list