On 2 January 2016 at 20:17, Kyle Terrien <kyleterrien@gmail.com> wrote:
Hello,
Are there plans to package a version of Firefox 44 that lets you disable extension signature checking?
Background: Firefox is shipping with signature checking for addons. Right now (in Firefox 43), there is an option to disable it if you need to use an unsigned addon. However, that option is being removed in Firefox 44. [0]
Signature checking itself is actually a very good concept. However, the way Mozilla has implemented it in Firefox (imho) is not. Every extension must be signed by Mozilla, and only Mozilla, creating a walled garden. From my understanding, there will be no way to override this extension check unless you recompile Firefox and build an unbranded version.
Personally, I think this mechanism goes against the Arch Linux tenet of user centrality [1]. As a user, you should ultimately be allowed to decide what you want to install on your system. Also, how are you supposed to build your own extensions or test someone else's extension on Firefox stable? Fedora recently discussed the possibility of packaging an "unofficial" Firefox [2]. (Take a look at their bugtracker for some good points.)
Is an abrowser package with the ability to disable extension signing warranted?
I am posting to this mailing list because I have not seen much discussion about Firefox extension signing in the Arch Linux world. Developers, what are your thoughts? Is it worth it packaging an "unofficial" version of Firefox?
--Kyle Terrien
This sounds like something for the AUR. I do not agree with this move from Mozilla and it would be interesting to see the interest in such a package.