Web lists-archives.com

Re: AMO plagued by (another) wave of malware extensions




My bloviated meandering follows what »Q« graced us with on 5/29/2019 7:22 AM:
<https://www.ghacks.net/2019/05/29/another-malware-wave-hit-the-mozilla-firefox-extensions-store/>

  Mozilla will remove the extensions once it notices them. The problem
  here is that this happens after the fact. The spam extensions may
  turn up in user searches and they also turn up when you sort by
  recent updates.

  Mozilla switched from a "review first, publish second" to a "publish
  first, review second" model in 2017. Any extension uploaded to Mozilla
  AMO that passes automated checks is published first….

The recent extension certificate fiasco would be a little easier to
take if the signatures were actually keeping people safer.  I didn't
realize until now that Mozilla had adopted Google's "sign and publish
almost everything" policy.

Sad really. I recall the days when AMO made only a cursory view of an extension submittal and when they eventually went to the "review first, publish second" approach. After a sluggish start, it eventually picked up and turned around reviews in a timely manner. Now with the reversi decision, I'll be even more reluctant to add them. All for the sake of expediency. Leaving me to wonder, WWGD, "What Would Gerv Do?"

--
Sailfish
Rare Mozilla Stuff: http://tinyurl.com/z86x3sg
_______________________________________________
general mailing list
general@xxxxxxxxxxxxxxxxx
https://lists.mozilla.org/listinfo/general