-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> The "make firefox" rule uses wget to get a few files. Is this because you don't want to distribute signatures on Github? Ideally, it would use local files only.
I was referring to the HTTPS statement. I'd like to deepen this statement.
There are signatures and I also think that the GitHub clone reduce the complexity. I agree that the latter will be the default. However HTTPS is used both in the clone and in the process to get my public key.
> Well, it crashed my machine... I had to reboot the whole thing. It would be nice if it did something more graceful when presented with 20 links at the same time, even if it is just asking for confirmation.
Why 20? Why not 10, 30 or other numbers? However to avoid DOS attacks, very plausible, is useful to have a maximum requests per second. When this limit is reached the extension blocks other request and warns the user. This is a vital feature.. ;)
> Also, I think your tool could be quite useful for several different use cases. Perhaps it's better to have the default configuration being unobtrusive, but allow the user to switch on more defenses if they like.
I think that the opposite is better. *The user* sets as default "Open here mode" (not secure), and then, trough Quick Settings, it could switch to "redirection mode". Quick Settings has to be very flexible.
More secure default, is better.. I repeat: the extension did its job.
However why do you not whitelist these (20+) URLs (or related domains), if you consider them trustworthy?
> (I think this idea needs a bit more thought!)
I agree. It's something not, principally, related to this extension. I'm also waiting to try the stable 4.0.
Best Regards,
Raffaele.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE9bU8N8AgwMcjiC1xjTxG+6f1ce4FAlp3Qf4ACgkQjTxG+6f1
ce7BnhAAwF/AY+45vN0w7bnRTv2Db5p6sHwDphKJ0zodyHOdvVb6oUyt6JFkHvbA
u/xsZflBRhZr82u2B+17//lyazXjBN3JiZkDPhKyDie0frlS/4YtTu8W2hNorzOu
lW3QFvie9qsPyPjSqtgUijS7nkPguXCDnbPmYPnnYQLyubI7MOVKD8E+ePW5WAdj
E1lMZvSRot47oB7I7RvCzo1tqSDj6pb72JlTFL1OARYQqyKV5kMOnDOFi4mONCat
tt+u3dMgEm4eQ7k+Y3PEVLmLcw9p2RYawRsF8n+8RZHdCHc1UTpL2hwvii+Um0jW
kggj5GA83wTn6q+4xf4TkVulPMZX9lYagp4Lv3KvQjAxL+Gw+HFhOY9ryREKLcSs
O8hX1VbZBDIk2y2A76+x3AhGPqlpoAzDAKcti9au9ftUw7lbTpZMDTp79DqJiHLD
TAcNmk5xvzzj9yJiswSVff5ykf51ogFVndQpzKxfgwGOqoZtx7w69v46nCp9dnjx
qVD193N5MAlm9ewvGAwYReepcNW0rpBhP69dTzuYFGQzQ5t72ip6Jr7YWa9ReYf2
e3eBzs4jyx9Bsm6IzP0kphcWwp4goxlymnm/Bwa1Knx9RdpZzekVo46ujiC6SZI6
Npbmf5EYLtYqFLXdujuva8CBg1jbBfUSpvBP0KQMov8E9RiEk+s=
=lITa
-----END PGP SIGNATURE-----