this post was submitted on 12 Jun 2024
63 points (100.0% liked)

[–] Ephera@lemmy.ml 2 points 4 months ago (1 children)

Ah yeah, true, getting just the signed XPI should work as well.

And well, it is tricky. The signing requirement allows them to block malicious add-ons, which could also be used for state censorship.
I think, offering a separate path for people to install unsigned extensions, if they need it, while blocking them for the majority and therefore making them inviable for malware to target, that's in principle a smart compromise.

Also, side-note: Folks who are on Linux likely don't need to install a separate version of Firefox. Linux distros tend to compile with the unsigned extension support enabled (just need to toggle the flag in about:config).

[–] chicken@lemmy.dbzer0.com 3 points 4 months ago

I guess in this case the malware angle means it's probably better to require signing, since maybe Russia could successfully distribute malicious fake versions of these extensions otherwise. Still, the centralization here is worrying.