Mozilla new policy about Addon non-signed

Popzelife · February 13, 2015, 6:30pm

I’ve made a quick search on this topic but find any opened thread - let me know so

Few days ago Mozilla announced Firefox won’t accept anymore non-signed add-on for the user security. I can understand that point but I’m still a little bit uncomfortable with that: considering it’s “alike” Apple or Google playstore rules. As a reps I’ve faced few reactions and questions.

So that’s why I’m openning this thread to let everyone talk about this decision and share your feeling.

My opinion :

I understand it will help the lambda/common user to stay safe and still let other users to use non-signed with Nightly and Dev version. I might be sad some people (especially on purpose) used the open services to corrupt user privacy or security.
Though it’s an educational problem we reach here since Firefox always let know if add on were verified by Mozilla or not.

nukeador · February 13, 2015, 6:34pm

@Popzelife do you have a link for the official announcement?

Popzelife · February 13, 2015, 6:45pm

Introducing Extension Signing: A Safer Add-on Experience I’ve read a French version but here is the article from the Mozilla blog

brwolfgang · February 14, 2015, 2:51pm

I really liked the way Mozilla approached this issue, I believe well intentioned developers will not see this as a hassle since, as Mozilla stated, the signature process will be fast and automatic.

Popzelife · February 17, 2015, 12:07am

I’m following your statement Wolfgang, I’ve seen developers or others Mozillians that agreed this new approach. But some other totally disagree and think it’s a step backward: like killing the open source.

I don’t think it’s bad what they’ve done for user security and saving Firefox performance somehow. But I won’t think it’s a step forward what Mozilla values are… When Mozilla starts to say who can publish add on and who cannot - or what addons can and cannot be published. It’s mostly beeing seen as a failure of the open source model. But I’m mad at people who were exploiting it and dismissing the “freely addon system”.

It’s more an educational issue though. Even if Mozilla told this addon wasn’t signed some people just installed “everything” and got troubles afterward.

gerv · February 17, 2015, 11:07am

We already do that, basically. It’s called the Addon Blocklist. Being able to say “No, Firefox will not run this addon” is vital to protecting our users.