Closed Bug 777249 Opened 13 years ago Closed 13 years ago

Make the names of data items that extensions must not touch self-documenting

Categories

(Toolkit :: Add-ons Manager, defect)

Product:
Toolkit
Component:
Add-ons Manager
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: hsivonen, Unassigned)

Details

Per discussion in governance, it seems that we are giving extensions that circumvent the mechanism that allows the user to confirm third-party extension installation the benefit of the doubt as if it could be unclear to extension authors the circumventing the mechanism is a bad thing to do. ( https://groups.google.com/d/msg/mozilla.governance/0t-hQy_GAlc/Jk70HRHasFwJ ) To make sure that's no extension author can circumvent the mechanism without being aware of how Mozilla views the circumvention of the mechanism, I suggest renaming data items (such as prefs) that are part of the confirmation mechanism in such a way that the names signal the touching those data items is severely not OK even to extension authors who haven't read our policies. This way, we could proceed to protecting our users from extensions that circumvent the mechanism that is designed to ensure user control without waiting to see if an extension has fiddled with the mechanism without realizing that such fiddling is eligible for blocklisting. For example, I suggest rename extensions.enabledScopes to add-ons_caught_touching_this_will_be_considered_to_be_malware.extensions.enabledScopes, extensions.autoDisableScopes to add-ons_caught_touching_this_will_be_considered_to_be_malware.extensions.autoDisableScopes and similarly prefixing other prefs or file names used for tracking the add-on installation state. This would have the unfortunate effect of requiring IT administrators to readjust the newly-named prefs in environments that adjust them for administrative purposes, but I think allowing ourselves to move quickly to protect users whose computer isn't administered by an IT department from extensions that may be unwanted by users is more important.
I don't think renaming those prefs will be anywhere near effective enough to warrant the amount of pain it will cause (migration, testing, etc). There are plenty of legitimate uses of those prefs outside of the rare addon that abuses them - that's why we have them. Furthermore, there are plenty of other prefs that are more abused (default search engine, keyword URL, homepage, etc), or prefs that shouldn't be changed is certain circumstances - I highly doubt we'd rename all of those in the style proposed here.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.