Web lists-archives.com

Re: ping Walt, bug about add-on verification override

On 02/09/2017 11:27 AM, WaltS48 wrote:
On 02/09/2017 11:00 AM, Caver1 wrote:
On 02/08/2017 07:52 PM, WaltS48 wrote:
On 02/08/2017 07:41 PM, Caver1 wrote:
On 02/08/2017 05:23 PM, WaltS48 wrote:
On 02/07/2017 07:32 PM, Caver1 wrote:
On 02/07/2017 06:14 PM, »Q« wrote:
FYI.  Walt, in m.s.f you recently talked about filing a bug about the
fact that Fx can be configured not to verify add-ons.  I did file
a bug
on it, which was eventually marked a dupe of a hidden bug.  That
been unhidden now,
<https://bugzilla.mozilla.org/show_bug.cgi?id=1292444>.  I won't
try to
summarize -- I think to get a grip on the problem and what they might
do about it, you gotta read it through and chase the links to other
bugs, especially paying attention to Kaply's comments.

Why is that a bug?

Disabling security, as indicated by the RESOLVED:DUPLICATE status of
bug as a duplicate of the previously hidden ACCESS DENIED bug 1292444.

Any bug a user sees as ACCESS DENIED is a security vulnerability.

In the Eyes of the beholder. It's up to the user. I have been using said
extensions for years with no security problems. If I want/need to use
them then I have the choice to do so which harms no one.


Also Firefox is open source.
An open-source software license is a statement that anyone is free to
use your source code in whatever way they want.
Open source rights:
     A user can create and distribute copies of the source code;
     A user can obtain a program’s source code;
     A user can modify the source code.
Mozilla open-source licenses;
      Firefox, Thunderbird  triple-licensed MPL/LGPL/GPL

As such your bullshit is bullshit. If I want to add to FF's
configuration I can and Mozilla has no right to stop me.

I don't consider adding a file to an already created folder in the
installation as modifying the source code.

If I can modify the code which would stop addon verification I can add a file to do the same thing.

The source code creates that folder upon installation. No?

Anyway it is a security vulnerability, that circumvents the add-on
signing requirement.

Probably won't work when Firefox 57 arrives and those extensions no
longer work anyway.


No where in the open-source licenses does it say except for security.
I pointed out that with WebExtensions this is a moote point.
Just means that I may not update and stay soooo unsecure.

general mailing list