this post was submitted on 14 Jun 2024
195 points (99.0% liked)
Firefox
17885 readers
29 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
From the article:
Well for the extensions that are open source it is possible for Russia to meddle with the code, but they'd have to get past code review. But this is concern for anything open source not just Mozilla stuff. It's rare that something gets bad gets into an open source project, but it did happen a few months ago with ssh. Didn't get past testing and required someone to work on open source projects for years before they got a level of trust to get something pulled into main source tree. So it's basically the equivalent of getting a job at a company for years just to put malware into some proprietary software. Which could also happen, but if there's a good code review process it shouldn't happen.
Excepting those kind of weird scenarios, unless they're extensions made by a Russian company that Moscow control over, then no, the extensions wouldn't have been fiddled with by the Russian government. And if they were extensions the Russian government had the ability to change, they wouldn't be trying to ban them.
I highly doubt that a browser extension is going to allow a bad commit. It seems like that would be way more obvious as it is at a much higher level. (No C)