<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hello,<br>
I use several addons directly from their developer's github pages.
However, Mozilla recently decided to have a mind of it's own and
disable them in the latest Iceweasel v43. They are centralizing and
forcing all developers to go through their identification service
over at AMO.<br>
<br>
See here: <a class="moz-txt-link-freetext" href="https://wiki.mozilla.org/Addons/Extension_Signing">https://wiki.mozilla.org/Addons/Extension_Signing</a><br>
<br>
<br>
For the non-prism version it may be a good idea to disable this,
since it appears to be contacting Mozilla to verify all of your
addons to find if they are "authorized" Mozilla addons. This would
be great for fingerprinting and meta data.<br>
<br>
As of the coming Firefox 44 it will be forced, and there will be no
override (outside of patching our own).<br>
<br>
The temporary override for Firefox 43 is <i>xpinstall.signatures.required
</i>in <a class="moz-txt-link-freetext" href="about:config">about:config</a>.<i><br>
</i><br>
While the idea of signing is good, I feel it is up to the user to
verify trust. GPG signed .xpi are just as good (if not better) than
trusting Mozilla's API signing key.<i><br>
</i>
</body>
</html>