Re: [Bug-gnuzilla] Introducing Extension Signing: A Safer Add-on Experie
From: Bjoern Nyjorden
Subject: Re: [Bug-gnuzilla] Introducing Extension Signing: A Safer Add-on Experience
Date: Mon, 30 Mar 2015 12:53:40 +0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0

Hi all,
Two key points here:
In the original article,
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/:
- 5th bullet point states: "After the transition period, it will not
be possible to install unsigned extensions in Release or Beta versions
of Firefox. There won’t be any preferences or command line options to
disable this."
- 6th bullet point states: "Installation of unsigned extensions will
still be possible on Nightly and Developer Edition, as well as special,
unbranded builds of Release and Beta that will be available mainly for
developers testing their extensions."
Note the key words/statement: "unbranded builds of Release and Beta".
I highly recommend that you also read through the three pages of
comments: Focus on all of Jorge Villalobos' replies regarding "unbranded
builds". The first noteworthy reply can be found on the first page:
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/comment-page-1/#comments
Scroll to the very bottom of page one, then scroll up until you find the
following reply:
"Jorge Villalobos wrote on February 12, 2015 at 6:54 am:
> You say there will be unbranded builds that include the ability
> to run unsigned extensions with the stable channel. Where?
We will link to them from the Developer Hub on AMO, and probably
from MDN as well. We haven’t determined where they will be hosted.
> Do they exist today?
No.
> Will they be supported by Mozilla?
Yes.
> Will they be as stable as the branded release channel?
Yes.
> Will I be able to go to the Mozilla FTP site and get an unbranded
> build of any release like I can today?
I’m not familiar enough with our Release Engineering process to
know the answer for this, but I think it’s a good idea to host these
builds on FTP. I’ll definitely ask for that."
It would appear that we need to watch the AMO, ADD-ON Developer Hub, and
MDN sites for announcements regarding unbranded release builds:
AMO: https://addons.mozilla.org/en-US/firefox/
ADD-ON Developer Hub: https://addons.mozilla.org/en-US/developers/
MDN: https://developer.mozilla.org/en-US/
Cheers!
On 30/03/15 11:31, David Englund/Hedlund wrote:
> On 2015-03-30 05:23, Svetlana A. Tkachenko wrote:
> > https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/
> > Such signing requirement doesn't let the user run a modified copy of
> > an extension on their own computer, until the user figures out how to
> > disable it. IceCat folks would probably just disable the signing
> > requirement by default.
> > Svetlana
> > --
> > http://gnuzilla.gnu.org
> My understanding is that Firefox just will tell the user that an add-on
> that is going to be installed is either signed or not signed. But I have
> not read the article.