Risks with use of xpi

Discuss building things with or for the Mozilla Platform.
Post Reply
User avatar
Chris Cook
Posts: 898
Joined: December 14th, 2002, 9:57 am
Location: Québec, Canada
Contact:

Risks with use of xpi

Post by Chris Cook »

I am curious why many maintain that using an xpi is bad for themes. I understand that installing an xpi is more risky than registering a jar, but using an xpi for a theme is no more risky than for an extension. It is also, IMHO, less risky than downloading and running any installer because it is a trivial matter to view the installer code.

I believe that signing an xpi is possible and if the process is not difficult perhaps this would ease the fears of some, although I don't think it can be guaranteed that even a signed xpi would be risk free.

I invite discussion about this because either I am ignorant about differences in the risks of using xpis in certain cases or the situation has been misrepresented.
Post Reply