On Wed, Dec 21, 2005 at 08:21:21PM -0200, Paulo Marcel Coelho Aragao wrote: > I wonder if this source is trusted. Its certificate is signed by > itself. When I click on the downloaded xpi file, Firefox says it's > "unsigned". I fear installing an extension that might potentially pry > my privacy. > > Has anybody installed mozex from that site ?
Whilst it's good to be aware of such problems, would it be much safer if the certificate was signed by a CA? That just proves that the nic-nac-project.de people signed the JAR (or whatever they are); not that you can trust them. The only sure fire way is to read the source code. Of course this is not practical in all cases. JAR files can be unpacked with `unzip'; I think mozex is relatively short. -- Jon Dowland http://alcopop.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
