On Fri, 17 May 2019 03:16:21 +0000 Vipul wrote: > add-on signature verification is an important security feature?
that would be important if one installs add-ons that they acquired from third-party sources; for example, the mozilla website - however, installing third-party software onto a GNU/Linux distro is very much discouraged - if verification is a high priority, then one should install only software provided by their distro using the distro package manager - the package manager will ensure the packages have been signed by one of your distro developers, who you already trust implicitly this latest fisco should make it obvious to everyone why it is undesirable to require a single third-party authority to govern which software you can or cannot install - that authority belongs to the user - that feature is most useful for users of operating systems that do not package the browser or add-ons, in which case, mozilla would be their only validation authority - however, if the person did not validate the signature of the installer that they used to install the browser, then there is dubious value in trusting the browser to verify add-ons when the browser itself was not verified users of GNU/Linux distros do not have that problem - most distros package the browsers and the most popular add-ons - it is always best to trust your distro software only; and if you find some interesting software out in the wild, to ask your distro to build it from source and package it properly -- http://gnuzilla.gnu.org
