Extension Signing Coming Later in 2015

This is a really good idea as all too often people end up installing extensions (knowingly or unknowingly) which end up making unwanted and undesired changes to their Firefox browser. I don’t think it is going to have that big of a negative impact as this will be a way to prevent the bad extensions from being installed. Problems I could see though would be folks running a fresh install or profile and trying to install an add-on that has been abandoned by the developer.

Extensions that change the homepage and search settings without user consent have become very common, just like extensions that inject advertisements into Web pages or even inject malicious scripts into social media sites. To combat this, we created a set of add-on guidelines all add-on makers must follow, and we have been enforcing them via blocklisting (remote disabling of misbehaving extensions). However, extensions that violate these guidelines are distributed almost exclusively outside of AMO and tracking them all down has become increasingly impractical. Furthermore, malicious developers have devised ways to make their extensions harder to discover and harder to blocklist, making our jobs more difficult.

We’re responsible for our add-ons ecosystem and we can’t sit idle as our users suffer due to bad add-ons. An easy solution would be to force all developers to distribute their extensions through AMO, like what Google does for Chrome extensions. However, we believe that forcing all installs through our distribution channel is an unnecessary constraint. To keep this balance, we have come up with extension signing, which will give us better oversight on the add-ons ecosystem while not forcing AMO to be the only add-on distribution channel.

It is important to note this will be Firefox only. There are currently no plans for extension signing in Thunderbird, SeaMonkey or unofficial builds such as WaterFox and PaleMoon. Also, the plan is start with a ‘warning phase’ starting in Firefox 39 (Release Date: June 30th) and will be enforced beginning with Firefox 41 (Release Date: September 22nd). This means developers have 4-months before the ‘warning phase’ and over 7-months before unsigned extensions will be blocked.

via: Mozilla Add-ons Blog

1 Trackbacks & Pingbacks

  1. More about Extension Signing | Firefox Extension Guru's Blog

Comments are closed.