I am curious why many maintain that using an xpi is bad for themes. I understand that installing an xpi is more risky than registering a jar, but using an xpi for a theme is no more risky than for an extension. It is also, IMHO, less risky than downloading and running any installer because it is a trivial matter to view the installer code.
I believe that signing an xpi is possible and if the process is not difficult perhaps this would ease the fears of some, although I don't think it can be guaranteed that even a signed xpi would be risk free.
I invite discussion about this because either I am ignorant about differences in the risks of using xpis in certain cases or the situation has been misrepresented.
Risks with use of xpi
- Chris Cook
- Posts: 898
- Joined: December 14th, 2002, 9:57 am
- Location: Québec, Canada
- Contact: