Hacker News new | comments | show | ask | jobs | submit login

An additional prompt means less conversions.

There are alternative methods that Mozilla could do, like bringing a Mozilla certificate to host the extension in your own site without an extra prompt.

And how would we decide to whom to extend the certificate? To whom should we entrust "conversions"?

You are talking around the larger problem, which is a huge one for many extension and app ecosystems (e.g. Google Play, where weak-AI scanners fail to stop malware and spamware).

Mozilla uses community review, which works much better but is of course imperfect, a human thing.

No one that I know of has solved this larger problem. I would be interested in research pointers and tips (not complaints).


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact