David E. Ross wrote:
According to <https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/>, Firefox will no longer allow extensions to be installed unless signed by Mozilla. Users will have NO option to allow an unsigned extension to be installed. That is, signatures by Mozilla will be mandatory.
On this, I think the intent is good, in protecting against rogue extensions, particularly ones that aren't distributed through AMO.
For what it's worth, I believe I have seen reports of malware writers acquiring ownership of Google Chrome extension projects that have been abandoned, but where they're still listed through Google's distribution mechanism.
However, as worded in this post, I think that prohibiting unsigned extensions entirely is overkill, as there are occasionally legitimate reasons for having extensions that may not be signed. These include limited-scope extensions that may not be publicly distributed, and ones that are no longer under development. I think that there is a place where it's reasonable for the user to have final say over whether the extension is trusted, and not Mozilla.
I did look through the list of responses, and it may be that there may be a little more space, than is indicated by by the initial post: https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/comment-page-2/#comment-212732
Smith _______________________________________________ support-seamonkey mailing list [email protected] https://lists.mozilla.org/listinfo/support-seamonkey
