Hacker News new | comments | show | ask | jobs | submit login

And how would we decide to whom to extend the certificate? To whom should we entrust "conversions"?

You are talking around the larger problem, which is a huge one for many extension and app ecosystems (e.g. Google Play, where weak-AI scanners fail to stop malware and spamware).

Mozilla uses community review, which works much better but is of course imperfect, a human thing.

No one that I know of has solved this larger problem. I would be interested in research pointers and tips (not complaints).


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact