On 11/16/15 5:54 PM, Mike Connor wrote:
> Ah, I was under the impression (I'm not sure why) that Zotero had a
> client + add-on bundle. So the threat is only "I can get tricked into
> installing something malicious that is masquerading as Zotero" at this
> point. For Zotero, at least.
We do offer a standalone app that works with lightweight extensions as
an alternative to the full-featured Firefox extension, but we don't
sideload anything — you still need to come to our site and install your
browser extension of choice. So if Zotero were whitelisted it would just
be users continuing to trust us as they always have (assuming Firefox
enforces the sideload privilege).
>
> It's worth noting that a huge proportion of the unlisted add-ons being
> distributed do need to be sideloaded (i.e. bundled with AV software,
> Skype, etc). So that's a consideration in any proposal. Whitelisting
> sideloaded add-ons is a big problem.
My concern is not having to discontinue Zotero on December 15th, so I'm
not going to address the whitelisting of sideloaded extensions. If
someone else with a sideloaded extension wants to raise the issue they
can, but I haven't been advocating for that, and I don't think it should
hold up the much more straightforward whitelisting of front-loaded
extensions.