Hi,

I haven't followed the overall discussion closely, but I'm very concerned about this change and that we're driving away extension developers. I hope that some of the relevant people read this thread, as I'd like to propose a different strategy for extension signing.

1) As dburns mentioned in this thread, some people have to run unsigned extensions. We should continue to allow this if the user explicitly enables it in about:config. Unsigned extensions are disabled by default and should come with a big warning sign.

2) If extension signing is enabled (the default), Firefox should only allow for extensions that have been signed by a Mozilla-generated key.

3) Obtaining a signing key from Mozilla should be automated in a way similar to Let's Encrypt. So the overhead for extension developers is minimal.

4) Keys should be bound to URLs and there can only be one URL per extension. So it's not possible to modify and redistribute someone else's extension.

5) Changing an extension's URL requires manual intervention.

6) If an extension turns out to be malicious we can revoke the key. Firefox would then notify all affected users and disable the extension automatically.

7) Popular extensions on AMO should be reviewed by Mozilla staff 'behind the scenes' and get an additional quality label or something similar.

Best regards
Thomas

On 25.11.2015 at 10:14, David Rajchenbach-Teller wrote:
> I admit I have followed extension signing/scanning only very remotely,
> but Dan Stillman has a number of good points:
>
> http://danstillman.com/2015/11/23/firefox-extension-scanning-is-security-theater
>
> Could someone who's actually involved in this feature provide an answer?
>
> Cheers,
> David
> _______________________________________________
> dev-platform mailing list
> dev-platform@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-platform
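
The install-time decision implied by points 1, 2, 4 and 6 of the proposal above, as an added sketch that is not part of the original message and is not Mozilla code. Ed25519, the certificate layout, the function names and the example URLs are all assumptions made for illustration.

```javascript
// Added sketch: every name, URL and data format here is hypothetical.
const crypto = require("node:crypto");

const issuer = crypto.generateKeyPairSync("ed25519"); // stand-in for the Mozilla issuing key
const urlByExtension = new Map(); // points 4 and 5: one URL per extension

// Point 3: automated issuance of a certificate binding a developer key to one URL.
function issueCert(extensionId, url, devPublicKey) {
  const bound = urlByExtension.get(extensionId);
  if (bound && bound !== url) throw new Error("URL change needs manual intervention");
  urlByExtension.set(extensionId, url);
  const devKey = devPublicKey.export({ type: "spki", format: "der" }).toString("base64");
  const body = JSON.stringify({ extensionId, url, devKey });
  return { body, sig: crypto.sign(null, Buffer.from(body), issuer.privateKey) };
}

// Points 1, 2, 4 and 6: the decision the browser makes at install time.
function checkInstall({ pkg, pkgSig, cert, sourceUrl }, { allowUnsigned, revoked }) {
  if (!cert || !pkgSig) return allowUnsigned ? "allow-with-warning" : "block-unsigned";
  if (!crypto.verify(null, Buffer.from(cert.body), issuer.publicKey, cert.sig)) return "block-bad-cert";
  const { url, devKey } = JSON.parse(cert.body);
  if (revoked.has(devKey)) return "block-revoked";
  if (sourceUrl !== url) return "block-url-mismatch";
  const key = crypto.createPublicKey({ key: Buffer.from(devKey, "base64"), format: "der", type: "spki" });
  return crypto.verify(null, pkg, key, pkgSig) ? "allow" : "block-bad-signature";
}

// Constructed sample data exercising each outcome.
function demo() {
  const dev = crypto.generateKeyPairSync("ed25519");
  const url = "https://dev.example/ext.xpi";
  const cert = issueCert("sample@dev.example", url, dev.publicKey);
  const pkg = Buffer.from("constructed extension bytes");
  const good = { pkg, pkgSig: crypto.sign(null, pkg, dev.privateKey), cert, sourceUrl: url };
  const prefs = { allowUnsigned: false, revoked: new Set() };
  return {
    ok: checkInstall(good, prefs),
    rehosted: checkInstall({ ...good, sourceUrl: "https://mirror.example/ext.xpi" }, prefs),
    tampered: checkInstall({ ...good, pkg: Buffer.from("modified bytes") }, prefs),
    unsigned: checkInstall({ pkg, sourceUrl: url }, prefs),
    optIn: checkInstall({ pkg, sourceUrl: url }, { ...prefs, allowUnsigned: true }),
    revoked: checkInstall(good, { ...prefs, revoked: new Set([JSON.parse(cert.body).devKey]) }),
  };
}

console.log(demo());
```

In this sketch the opt-in preference only covers packages that carry no signature at all; a package with a bad signature or a revoked key is blocked regardless.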