[Dev] New Iceweasel blocks unauthorized addons

Luke g4jc at openmailbox.org
Fri Dec 18 13:57:31 GMT 2015


Hello,
I use several addons directly from their developer's GitHub pages.
However, Mozilla recently decided to have a mind of its own and disable
them in the latest Iceweasel v43. They are centralizing and forcing all
developers to go through their identification service over at AMO.

See here: https://wiki.mozilla.org/Addons/Extension_Signing


For the non-prism version it may be a good idea to disable this, since
it appears to be contacting Mozilla to verify all of your addons to find
if they are "authorized" Mozilla addons. This would be great for
fingerprinting and metadata.

As of the coming Firefox 44 it will be forced, and there will be no
override (outside of patching our own).

The temporary override for Firefox 43 is xpinstall.signatures.required
in about:config.

While the idea of signing is good, I feel it is up to the user to verify
trust. GPG-signed .xpi files are just as good as (if not better than) trusting
Mozilla's API signing key.