Web lists-archives.com

Re: ping Walt, bug about add-on verification override

On 02/10/2017 11:06 AM, »Q« wrote:
In <news:BoKdnYHf8-YNXAHFnZ2dnUU7-SvNnZ2d@xxxxxxxxxxx>,
Caver1 <caver1@xxxxxxxxxxxx> wrote:

On 02/09/2017 01:42 PM, »Q« wrote:
In <news:2NOdnRm4mOueAwHFnZ2dnUU7-VlQAAAA@xxxxxxxxxxx>,
Caver1 <caver1@xxxxxxxxxxxx> wrote:

On 02/09/2017 11:27 AM, »Q« wrote:
In <news:j9mdnTUBy4erDwHFnZ2dnUU7-I_NnZ2d@xxxxxxxxxxx>,
Caver1 <caver1@xxxxxxxxxxxx> wrote:

On 02/08/2017 07:52 PM, WaltS48 wrote:
On 02/08/2017 07:41 PM, Caver1 wrote:

In the Eyes of the beholder. It's up to the user. I have been
using said extensions for years with no security problems. If I
want/need to use them then I have the choice to do so which
harms no one.


Also Firefox is open source.
An open-source software license is a statement that anyone
is free to use your source code in whatever way they want.
Open source rights:
     A user can create and distribute copies of the source code;
     A user can obtain a program’s source code;
     A user can modify the source code.
Mozilla open-source licenses;
      Firefox, Thunderbird  triple-licensed MPL/LGPL/GPL

As such your bullshit is bullshit. If I want to add to FF's
configuration I can and Mozilla has no right to stop me.

That's a red herring.  Of course you can do a lot of things with
the source code, but the bugs are about how the binaries
distributed by Mozilla behave.

And why is this a red herring? It just points out a fact.

Red herrings are often facts.  You read the answer to your question
right before you typed your question.

Neither you nor Walt have shown how this is a bug.

Hopefully you've read this before:

  I won't try to summarize -- I think to get a grip on the problem
and what they might do about it, you gotta read it through and
chase the links to other bugs, especially paying attention to
Kaply's comments.

    Why is that a bug?

See, before you even asked your question the first time, I told you
I wasn't going to provide a summary and gave advice on what you
could do to understand the issues and what they might do about it.
Demanding that Walt or I or anyone else explain things to you seems
unlikely to help.

If I can mess with the source code I can also add files.

Sure, you can put files all over your hard drives if you want;  it's
your computer.  How the binaries Mozilla ships react to those files,
however, isn't up to you and never has been.

What I get out of the bug report that you posted is that
there are a few like you and Walt that don't want anybody
using those files to stop add-on verification.

That's really all you got out of reading the bug reports?  I guess the
people who understand the issues involving AutoConfig will have to
carry on without you.

Being able to use those two files of itself is not a bug. The bug is that malware could exploit the ability. All of them agreed that if they strengthen that ability how would they keep the ability for the regular user. At this point they don't have an answer.

general mailing list