On 26/11/2015 16:07, Thomas Zimmermann wrote:
Hi,
I haven't followed the overall discussion closely, but I'm very
concerned about this change and that we're driving away extension
developers. I hope that some of the relevant people read this thread, as
I'd like to propose a different strategy for extension signing.
1) As dburns mentioned in this thread, some people have to run unsigned
extensions. We should continue to allow this if the users explicitly
enables it in about:config. Unsigned extensions are disabled by default
and should come with a big warning sign.
This really misses the point. There have been many discussions about
this in the past. If we just use an about:config flag, malware/greyware
will set that in the user's pref file and then install itself anyway
(unsigned, obviously). There is nothing we can do in the UI if an
untrusted extension is installed permanently that that untrusted
extension won't be able to hide anyway.
For the signing to provide any meaningful protection, it needs to be
impossible to turn it off permanently.
If users want to run unsigned extensions repeatedly (rather than
one-offs for testing, for which support was recently added), they can
either self-build, or run unbranded builds, or run nightly or aurora.
IIRC 43 will still ship with a pref to turn off signing, and 44 won't
anymore.
Please read earlier discussions about this to get more context before
proposing alternatives.
~ Gijs
(who, ftr, is not on the add-on team or "relevant people" - just happens
to have been following this discussion for a long time)
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
