On 06.08.2015 at 19:03, Christoph Gruber wrote:
> Reindl Harald <h.reindl@xxxxxxxxxxxxx> wrote:
>> that's all fine but
>> * nothing new, independent of lightning
> ACK
>> * how do you imagine a restricted user install an extension otherwise
> Real sandboxing, if not possible, give the users the possibility to activate admin-installed extension, and not the possibility to install every shit which comes with a "I am free" or "I am sexy" tag.
spice-xpi.x86_64 : SPICE extension for Mozilla
thunderbird-enigmail.x86_64 : Authentication and encryption extension for
>> * and no - he must not do that is not an acceptable solution
> Yes it is.
>> security and usability are always a tradeoff
> Not always, and if, sometimes security has to win.
frankly, a lot of people hate my security-first attitude but in case of browser extensions i just don't want to run to every machine for every extension update, and handing out the admin-password is a no-go
>> hence the topic *is* nonsense
> No, it is not
well, depending on the extension (noscript as example) there are very often updates - you are in danger to train users to always and everywhere enter their root-password or skip updates which may be security relevant
Mozilla is solving most of the issues by only installing signed extensions - let's wait how many people switch to the developer version without that restriction because 1 or 2 of their favorite extensions are only available directly from the developer