:52 PM, Ehsan Akhgari wrote:
That sounds like a good idea to me as well.
On 2015-11-30 11:25 AM, Gavin Sharp wrote:
That's one of the suggestions Dan Stillman makes in his post, and it
seems like a fine idea to me.
Gavin
On Mon, Nov 30, 2015 at 11:15 AM, Jonathan Kew
wrote:
On 30/11/15 1
On 11/30/15 6:24 AM, Gijs Kruitbosch wrote:
On 28/11/2015 19:42, Dan Stillman wrote:
As for what, if anything, should block release without override, I'm
happy to talk specifics, but we can't have a discussion about that
without even agreeing on the point of the validator,
Why do
On 11/28/15 8:28 PM, Mike Hoye wrote:
To Ehsan's point that "malicious code here might look like this:
console.log("success"); [and] It's impossible to tell by looking at
the code whether that line prints a success message on the console, or
something entirely different, such as running calc.ex
On 11/28/15 2:30 PM, Kartikaya Gupta wrote:
So it seems to me that people are actually in general agreement about
what the validator can and cannot do, but have different evaluations
of the cost-benefit tradeoff.
On the one hand we have the camp (let's say camp A) that believes the
validator pro
On 11/28/15 5:06 AM, Gijs Kruitbosch wrote:
On 27/11/2015 23:46, dstill...@zotero.org wrote:
The issue here is that this new system -- specifically, an automated
scanner sending extensions to manual review -- has been defended by
Jorge's saying, from March when I first brought this up until
yest
On 11/28/15 2:06 AM, Gavin Sharp wrote:
The assumption that the validator must catch all malicious code for add-on signing to be
beneficial is incorrect, and seems to be what's fueling most of this thread. Validation
being a prerequisite for automatic signing is not primarily a security measure
6 matches
Mail list logo
