canmove, Confirmed users
1,567
edits
Firefox3.1/Blocklisting Security Review: Difference between revisions
Firefox3.1/Blocklisting Security Review (view source)
Revision as of 23:10, 8 December 2008
, 8 December 2008→Review comments
| Line 125: | Line 125: | ||
== Review comments == | == Review comments == | ||
* Need to check that a bad certificate error when retrieving the blocklist is handled correctly | |||
* What do we do if attempts to update the blocklist fail consistently for a long time, the user has no current blocklist | |||
* Change text to point out that only a particular version is blocked, something like "Minefield has determined that the following versions of add-on are known to cause stability or security problem, you might want to check for updates." | |||
* Perhaps the blocklist more information url should be https | |||
* We should be escaping the parameters in the blocklist url | |||
* Perhaps we could speed up blocklist requests in the event of an error | |||
* Should we log blocklist request failures to some console as at least an indication there is a problem | |||
* Check what happens if the plugin regular expression is malformed, try to restrict one typo from breaking the entire blocklist | |||
* Does the update check any If-Modified-Since header | |||
* Should clicking check for updates in the add-ons manager do a blocklist update check as well? This could warn about blocklist update failures more explicitly | |||