Have you guys figured out how you’ll push updates for future extensions?
I say this as you will have guessed already when an extension update has been pushed by the developer on the Chrome Web Store, particularly when there’s a security flaw, how will Brave recognise these updates for it to instantaneously or simultaneously (which can be construed as the same in this context) be pushed via Brave. Moreover, I’ve just realised, not that I use any of these extensions, that you got version 2.1.32 of ‘Save to Pocket’ when there’s Version: 2.1.35 available on Chrome’s Web Store and version 184.108.40.206 of ‘Last Pass’ when Version: 4.1.52 is available and you have ‘Latest’ titled next to them in Brave’s Web Store.
Particularly for the last one, pardon the pun, it is quite serious considering the major bugs that were found by Google’s Zero Day, in update terms, that’s quite some time ago.
I imagine again further scrutinizing per your advise will have to take place but this then brings more questions, such as, will you have dedicated team that will tediously lookout for new updates that are pushed and inspect their recent code implementations or changes (no offence honestly) considering the amount of extensions that will essentially fill Brave’s Web Store.
I pointed out a possibility in a topic I created titled Original Developer’s Participation but I imagine you already thought of this or figured out something better.
I should say, I also created this to sort of understand similar to @ jlam75 topic here What is ShipIt? how it sort of works because I was thinking about delivery of updates of software within an integrated hardware with security in mind, essentially built-in within a product.
I understand obviously you have this figured out but I was wondering if I could gain some knowledge along the way as I’m likely to do something related hardware. So @ jlam75 pointed something related to encryption but the Brave team didn’t get back to him 6 months ago.
To be honest I wouldn’t want it any other way compared to anti-virus companies because I imagine they take every single measure such as obfuscating and anonymising not no get compromised.