@damienmiller could you elaborate a bit on how manifest v3 can mitigate supply chain attacks? There's nothing that can stop a hijacked developer account pushing a new malicious update, is there?

As stated here: https://cybervillains.com/@djm/111255948769148166 in this (old) thread https://infosec.exchange/@lcamtuf/111253626757075766