User:Rdm/AMO Policy Notes
From MozillaWiki
< User:Rdm
=Definitions= Should be said in a funny voice whilst making finger-quotes.
- "evil" - trying to make money in a way that some people don't like.
- "common" - deliberately fuzzy way of describing a product or service used by a large portion of AMO visitors.
- "spy" - word to describe any communication that is "evil".
- "the powers that be" - Mozilla Foundation. Or Corporation. Or AMO admins. Possibly all three, it's quite hard to tell.
=Things that need to be removed= Or at least more tightly regulated.
- Extensions that use remote content in an unsafe way.
- eg. BetterShopper. (evals XMLHttpRequest reponse to get currency data)
- Extensions that include binary components, and do not provide source that can be viewed/compiled by reviewers.
- Extensions that require additional software to be installed outside of Firefox.
- eg. BlueFrog. (should be shipping the Firefox extension with their Windows app)
- Perhaps make an exception for "common" software when the extension author is a third party.
- Extensions that "spy" on surfing habits without a very good reason and user permission.
- eg. EffectiveBrand.
- Extensions that are useful only to specific communities.
- eg. FriendzForLife ForumNavigator.
- Again, "common" exception, eg. Slashdot extensions.
Reasons people upload these types of addons
- They're unaware of security issues.
- They don't want to reveal secrets/break NDAs, see also 5.
- AMO is great marketing for their main product, or they're unaware of other extension registration methods.
- They're "evil".
- Dealing with the XPInstall whitelist is a lot of hassle, and AMO gives you an update URL for free.
Robert Marshall, 17 April 2006
Tiered AMO
There was some discussion on IRC about making distinctions between different levels of trust. This is how I see a possible system:
- Trusted addons
- No review required.
- Applies to extensions in Mozilla CVS, eg. ChatZilla, Venkman, XForms.
- Applies to extensions where author signs contract with "the powers that be".
- Reviewed addons
- Basic testing by at least one editor required.
- Not a guarantee of non-"evil"ness.
- Source must be available in the preferred form for editing, and under a license that allows inspection and - where appropriate - compilation.
- Addons found to cause crashes, memory leaks or security problems are deleted, or moved to (3).
- Depths Of Hell
- No review required.
- Most authors upload here, then request review to be moved to (2).
- Same source requirements as (2).
- Not advertised on front page, or in default searches.
- Mildly scary warning, enough to be able to say "I told you so".
Problems:
- It's likely that enough users will ignore warnings to make them pointless.
- Updates. Auto-update can't serve only (1) and (2), but it can't always serve (3) either. UI in Firefox for this would be a nightmare, as would figuring out the right thing to do automatically.
- Same thing for feeds.
- Not enough resources to do actual code review, so it's unclear what being in (2) actually means.
- The mere existence of (1) will be viewed as "evil".
Robert Marshall, 18 April 2006