How is AMO enfroncing rules without code review?

andreip · November 27, 2017, 9:20pm

Hi,

I was looking at this page and quite a lot of items there seem to be hard to translate in some automated tool. For example “Execute remote code”. How does an automated system know if a request just loads resources or it fetches some code to be executed? Or an even harder one “Cause harm to users’ data, systems, or online identities”.

Thank you,
Andrei

erosman · November 27, 2017, 9:47pm

It is done in post review

https://blog.mozilla.org/addons/2017/09/21/review-wait-times-get-shorter/

andreip · November 28, 2017, 8:37am

Hmm… Interesting. I missed that. And if the author refuses to offer non-obfuscated code?

erosman · November 28, 2017, 1:47pm

The request is made to upload sources within 7 days otherwise addon gets rejected.