The browser extensions, which are hosted on the Mozilla store, were made unavailable in the Land of Putin on or around June 8 after a request by the Russian government and its internet censorship agency, Roskomnadzor.
or to enable Russia to interfere with the extensions’ code for their own ends?
Well for the extensions that are open source it is possible for Russia to meddle with the code, but they’d have to get past code review. But this is concern for anything open source not just Mozilla stuff. It’s rare that something gets bad gets into an open source project, but it did happen a few months ago with ssh. Didn’t get past testing and required someone to work on open source projects for years before they got a level of trust to get something pulled into main source tree. So it’s basically the equivalent of getting a job at a company for years just to put malware into some proprietary software. Which could also happen, but if there’s a good code review process it shouldn’t happen.
Excepting those kind of weird scenarios, unless they’re extensions made by a Russian company that Moscow control over, then no, the extensions wouldn’t have been fiddled with by the Russian government. And if they were extensions the Russian government had the ability to change, they wouldn’t be trying to ban them.
I highly doubt that a browser extension is going to allow a bad commit. It seems like that would be way more obvious as it is at a much higher level. (No C)
From the article:
Well for the extensions that are open source it is possible for Russia to meddle with the code, but they’d have to get past code review. But this is concern for anything open source not just Mozilla stuff. It’s rare that something gets bad gets into an open source project, but it did happen a few months ago with ssh. Didn’t get past testing and required someone to work on open source projects for years before they got a level of trust to get something pulled into main source tree. So it’s basically the equivalent of getting a job at a company for years just to put malware into some proprietary software. Which could also happen, but if there’s a good code review process it shouldn’t happen.
Excepting those kind of weird scenarios, unless they’re extensions made by a Russian company that Moscow control over, then no, the extensions wouldn’t have been fiddled with by the Russian government. And if they were extensions the Russian government had the ability to change, they wouldn’t be trying to ban them.
I highly doubt that a browser extension is going to allow a bad commit. It seems like that would be way more obvious as it is at a much higher level. (No C)