Martin Hajduch
unread,Jan 18, 2016, 12:40:22 PM1/18/16You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to mozilla-addons-...@lists.mozilla.org
Hi!
My company develops enterprise Add-On which includes binary components - DLLs. This Add-On is not publicly available, only our customers with paid contracts receive it. And it should stay this way.
I am not sure if it is even possible to get a request to share source code with an external party through our legal department. And even if it would be, most likely a signature of some NDA by the actual reviewers would be requested, including a liability clause. Which we most likely won't get of course...
It may be possible to provide a short look via a Teamviewer session, would this be enough? Would someone even have time for that? How to proceed?
Are there any alternatives? Getting our customers to use nightly builds is not an option, as it makes then again vulnerable against any other malicious extensions out there :(.
I read somewhere: "For extensions that will never be publicly distributed and will never leave an internal network, there will be a third option. We?ll have more details available on this in the near future." - but cannot find any further details...
Right now we stick with ESR 38, but that is a solution which disappears soon. Or we (our customers) stay without security updates of any kind..
As to the reason 'why we use binary components?' -> the extension itself provides connectivity between web based application, and a local Cad/Cam application. This connectivity requires functionality written in C. Our extension is using C-types to call corresponding DLLs. We are talking here about hundreds of thousands of lines of code. Surely, there are technical solutions to externalize DLLs to a standalone application and use JavaScript-based communication to talk to it, but that means several man months investment at least..
Many thanks for any tips on how to proceed here..
Regards,
Martin Hajduch
Assyst GmbH