Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
dvratil 19 hours ago

The question is, does Mozilla rigorously review every single update of every featured extension? Or did they just vet it once, and a malicious developer may now introduce data collection or similar "features" though a minor update of the extension and keep enjoying the "recommended" badge by Mozilla?

tuetuopay 18 hours ago | parent | next [-]

This may also be the reason for the extension begin "Featured" on the Chrome Web Store: Google vetted it once, and didn't think about it for each update.

GeekyBear 8 hours ago | parent | prev | next [-]

> The question is, does Mozilla rigorously review every single update of every featured extension?

Yes.

pacifika 19 hours ago | parent | prev [-]

This is just spreading FUD where an answer could have been provided.

> Before an extension receives Recommended status, it undergoes rigorous technical review by staff security experts.

https://support.mozilla.org/en-US/kb/recommended-extensions-...

nevon 19 hours ago | parent [-]

That link doesn't answer the question though. It states that the extension is reviewed before receiving the recommended status. It does not state that updates are reviewed.

insin 15 hours ago | parent [-]

They do, and it takes longer for updates to Recommended extensions to be reviewed as a result.

This is what the Firefox add-ons team sent to me when one of my extensions was invited to the Recommended program:

> If you’re interested in Control Panel for Twitter becoming a Firefox Recommended Extension there are a couple of conditions to consider:

> 1) Mozilla staff security experts manually review every new submission of all Recommended extensions; this ensures all Recommended extensions remain compliant with AMO’s privacy and security standards. Due to this rigorous monitoring you can expect slightly longer review wait times for new version submissions (up to two weeks in some cases, though it’s usually just a few days).

> 2) Developers agree to actively maintain their Recommended extension (i.e. make timely bug fixes and/or generally tend to its ongoing maintenance). Basically we don't want to include abandoned or otherwise decaying content, so if the day arrives you intend to no longer maintain Control Panel for Twitter, we simply ask you to communicate that to us so we can plan for its removal from the program.

nevon 15 hours ago | parent [-]

That's great! They should put that on the website.