> As it stands, Mozilla is going to hurt add-on developers Imagine developing an add-on for in-house purposes of your org, but can't install it without being signed by Mozilla.
On Thu, Feb 12, 2015 at 7:30 PM, Adam Bolte <[email protected]> wrote: > On 12/02/15 13:29, Brian May wrote: > > See > > > https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/ > > > > The following threads on the mailing list appear to be relevant (I > haven't > > read them yet): > > > > > https://groups.google.com/forum/#!topic/mozilla.addons.user-experience/qIgLq28aTdI > > > https://groups.google.com/forum/#!topic/mozilla.addons.user-experience/slaKs943n4c > > Thanks. So Mozilla is to become a central signing authority for add-ons, > and all add-ons must be signed before they will be installable on > upcoming Firefox releases. Colour me impressed. > > I'm all for having add-ons signed. I take that pretty seriously > actually, and I didn't try Arch for years because they didn't support > package signing (which they have apparently since sorted). But there are > some big differences between what Mozilla is doing, and what other free > software projects do that distribute packages (such as Debian and > F-Droid, for example). > > The main problem is that Firefox is mandating all packages be signed by > Mozilla regardless of where and how the packages are distributed. I can > set up my own F-Droid or Apt repository just fine (and I have actually > done the later for apps installed and developed internally to my > workplace) - but *I* get to sign them. I don't need to submit them to > Debian first. > > As it stands, Mozilla is going to hurt add-on developers - making it > more difficult to test releases, much harder to find beta-testers, > introducing more manual steps, and an unnecessary delay in being able to > release. They are going to hurt end users - they will no longer have > access to old unmaintained add-ons unless they wish to learn how to fork > and submit them (which is unlikely many will do). Lastly, it's going to > hurt Mozilla, as IMO it further tarnishes their reputation (although > they already lost most of it when they chose to support EME extensions > IMO). > > There are other questions that have arisen, such as what will happen to > add-ons that basically enable side-loading scripts such GreaseMonkey and > dotjs, or add-ons that do things illegal in the US (eg. due to DMCA > restrictions) but are legal outside? What about environments that do not > allow private add-ons to be hosted on remote servers for fear of court > orders, the NSA, or a server compromise? The responses to such questions > have so far not been encouraging. > > I expect most GNU/Linux distributions which package rebadged versions of > Firefox and popular add-ons will be disabling this functionality out of > necessity anyway, but I still can't help but feel disappointed. > > > > _______________________________________________ > Free-software-melb mailing list > [email protected] > > http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-melb > > > Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/ > _______________________________________________ Free-software-melb mailing list [email protected] http://lists.softwarefreedom.com.au/cgi-bin/mailman/listinfo/free-software-melb Free Software Melbourne home page: http://www.freesoftware.asn.au/melb/
