[HTTPS-Everywhere] Firefox to require extensions be signed by addons.mozilla.org
J.B. Nicholson-Owens
jbn at forestfield.org
Tue Feb 10 19:59:14 PST 2015
Bill Phillips wrote:
> Isn't that a wee bit, um, fascisitic of Mozilla? Shouldn't they at least
> make it user-controllable?
Quoting the blog article:
> For extensions that will never be publicly distributed and will never
> leave an internal network, there will be a third option. We’ll have
> more details available on this in the near future.
and
> Installation of unsigned extensions will still be possible on Nightly
> and Developer Edition, as well as special, unbranded builds of
> Release and Beta that will be available mainly for developers testing
> their extensions.
But the article also says:
> An easy solution would be to force all developers to distribute their
> extensions through AMO, like what Google does for Chrome extensions.
> However, we believe that forcing all installs through our
> distribution channel is an unnecessary constraint.
which strikes me as incompatible with Free Software, software users are
allowed to run, modify, and share. Anyone who wants to could get a copy
of Firefox, remove the signature checking code, and distribute their
variant.
More information about the HTTPS-Everywhere
mailing list