Also https://bugzilla.mozilla.org/show_bug.cgi?id=1227867
On 30/11/15 20:31, Bobby Holley wrote: > (Gingerly wading into this thread and hoping not to get sucked in) > > Given the fundamental limits of static analysis, dynamic analysis might be > a better approach. I think we can do a reasonable job (with the help of > interpositions) of monitoring the various escape points at which addon code > might do arbitrary dangerous things, without actually preventing it from > doing those things in a way that would break lots of addons. We could then > keep an eye on what addons are doing in the wild, and revoke the signatures > for the addon / developer if we find them to be misbehaving. > > I proposed this in [1] and it got filed separately as [2]. Detailed > follow-up discussion is probably better to do in that bug. > > [1] https://bugzilla.mozilla.org/show_bug.cgi?id=1199628#c26 > [2] https://bugzilla.mozilla.org/show_bug.cgi?id=1227464 _______________________________________________ dev-platform mailing list [email protected] https://lists.mozilla.org/listinfo/dev-platform
