←back to thread

Firefox 42 will not allow unsigned extensions

(wiki.mozilla.org)
288 points fernandotakai | 4 comments | 11 Aug 15 03:51 UTC | HN request time: 0s | source
Show context
Sir_Cmpwn ◴[11 Aug 15 11:57 UTC] No.10040329[source]
I use several small add-ons I wrote myself. Why should I have to get Mozilla's approval before I can install my own damn add-ons? One of them executes processes and I'm 99% sure it'll fail the automated review.

EDIT: It passed the automated review, but my point stands. If I wrote the code, then you can be damn sure I trust it.

replies(1): >>10040577 #
atopal ◴[11 Aug 15 12:50 UTC] No.10040577[source]
> I use several small add-ons I wrote myself. Why should I have to get Mozilla's approval before I can install my own damn add-ons?

Mozilla has to balance the needs of several hundred million users, who are being attacked by malware every day, with the needs of people who write their own add-ons. Is it really that difficult to see it from that perspective? And it's not like you have no options now. You can either use the developer edition or the special release version where this feature is disabled.

replies(1): >>10040681 #
Sir_Cmpwn ◴[11 Aug 15 13:06 UTC] No.10040681[source]
They've always catered to the hacker perspective, too. Why take out the about:config flag? How about letting me trust my own certificate, instead of just AMO's? What about running AMO alternatives?
replies(1): >>10040835 #
atopal ◴[11 Aug 15 13:26 UTC] No.10040835[source]
Did you not read the blog post? You can use the dev edition or the special release and beta version that don't have this limitation. Nobody is forcing you to live with this limitation. If this was done as an about:config flag it could easily be changed by an add-on too.
replies(1): >>10040843 #
Sir_Cmpwn ◴[11 Aug 15 13:27 UTC] No.10040843[source]
I did read the blog post. It says I have to use a less stable (beta) or less customizable (dev edition) version of Firefox to avoid this burden.
replies(2): >>10040922 #>>10041346 #
atopal ◴[11 Aug 15 13:38 UTC] No.10040922[source]
From https://wiki.mozilla.org/Addons/Extension_Signing

"What are my options if I want to install unsigned extensions in Firefox?

The Developer Edition and Nightly versions of Firefox will have a setting to disable signature checks. There will also be special unbranded versions of Release and Beta that will have this setting, so that add-on developers can work on their add-ons without having to sign every build."

replies(1): >>10040998 #
Sir_Cmpwn ◴[11 Aug 15 13:48 UTC] No.10040998[source]
Ah, nice. Even so, I still have issues with this:

- Special version of the software

- Can't run my own version of AMO

replies(1): >>10041243 #
1. reubenmorais ◴[11 Aug 15 14:23 UTC] No.10041243[source]
> - Can't run my own version of AMO

You can, AMO is open source: https://github.com/mozilla/olympia

Run your own instance and make your own builds of Firefox that point to it and you're good.

replies(1): >>10041262 #
2. Sir_Cmpwn ◴[11 Aug 15 14:25 UTC] No.10041262[source]
>make your own builds of Firefox

Yeah, let me just get all of the potential users of my AMO alternative to compile a custom version of Firefox for it

replies(1): >>10041521 #
3. reubenmorais ◴[11 Aug 15 14:59 UTC] No.10041521[source]
If you want to run a custom AMO I'm assuming you're in a corporate environment or something like that where you can control what browser gets installed on people's machines.

https://addons.mozilla.org is an integral part of Firefox, if you set it up with an alternative you're effectively making your own fork.

replies(1): >>10041566 #
4. Sir_Cmpwn ◴[11 Aug 15 15:03 UTC] No.10041566{3}[source]
It's not an integral part of Firefox, though. You can install add-ons without it by just clicking a link on any page that leads to an XPI, same as how AMO behaves.

And no, I'm not in a corporate environment. I'm talking about decentralization.