Re: SHA1 within a firebird extension

Jean-Marc Desperrier wrote:

> I'm convinced this would work better than the current site white list 
> mechanism.
> My opinion is that white-list forces to take a bad compromise between :
> - allowing a small number of list, which will result in major bandwidth 
> problems for those sites, and difficulties if the number of extension 
> creators gets large to make their extension available from those few sites.
> - augmenting the number of sites, and taking a large risk that one of 
> them gets somehow subverted to download a bad extension.

The whitelist is not a security measure, it's an anti-abuse measure like the
popup blocker. The eventual intention is to let people continue on with the
install from the non-modal infobar without having to whitelist the site.
When this is done the whitelist will only be useful as a convenience for
developer types at sites they use often, or for corporate installations that
want to whitelist internal sites.