Firefox 42 will not allow unsigned extensions

(wiki.mozilla.org)

288 points fernandotakai | 3 comments | 11 Aug 15 03:51 UTC | HN request time: 0s | source

Show context

mveety ◴[11 Aug 15 04:25 UTC] No.10039079[source]▶

>>10038999 (OP) #

What is the point of this? Shouldn't users be allowed to make their own decisions no matter how stupid or dangerous?

replies(3): >>10039083 #>>10039117 #>>10039150 #

brighteyes ◴[11 Aug 15 04:26 UTC] No.10039083[source]▶

>>10039079 #

Users still can, they can download one of the provided builds that do not have this restriction.

The issue is that most users don't understand software on a deep level, and just click "yes" on dialog boxes, etc.

It does make sense to keep the defaults where it prevents most users from harm.

replies(3): >>10039126 #>>10039355 #>>10040030 #

1. tenfingers ◴[11 Aug 15 10:22 UTC] No.10040030[source]▶

>>10039083 #

But it doesn't! As long as downloading anything is allowed, signing requirements on extensions will not prevent anything.

And by experience supporting users, this is not how bad extensions get installed on the system: they're pulled in by malware which gets installed by other means.

This is only going to irate legitimate extension developers, which already have to wait weeks for AMO to review even the most basic change. I've been distributing extensions separately precisely for this reason.

replies(1): >>10040144 #

2. wsha ◴[11 Aug 15 10:56 UTC] No.10040144[source]▶

>>10040030 (TP) #

But ths change will prevent bad extensions pulled in by malware installed by other means.... On systems that require application signing, that should do some good (otherwise I'd expect malware to just switch from sideloading extensions to sideloading a modified version of Firefox).

replies(1): >>10042219 #

3. tenfingers ◴[11 Aug 15 16:18 UTC] No.10042219[source]▶

>>10040144 #

How many systems do you think require application signing?

↑