[arch-general] Firefox without signature checking
Ben Oliver
benoliver999 at gmail.com
Sat Jan 2 20:32:07 UTC 2016
On 2 January 2016 at 20:17, Kyle Terrien <kyleterrien at gmail.com> wrote:
> Hello,
>
> Are there plans to package a version of Firefox 44 that lets you disable
> extension signature checking?
>
> Background: Firefox is shipping with signature checking for addons.
> Right now (in Firefox 43), there is an option to disable it if you need
> to use an unsigned addon. However, that option is being removed in
> Firefox 44. [0]
>
> Signature checking itself is actually a very good concept. However, the
> way Mozilla has implemented it in Firefox (imho) is not. Every
> extension must be signed by Mozilla, and only Mozilla, creating a walled
> garden. From my understanding, there will be no way to override this
> extension check unless you recompile Firefox and build an unbranded
> version.
>
> Personally, I think this mechanism goes against the Arch Linux tenet of
> user centrality [1]. As a user, you should ultimately be allowed to
> decide what you want to install on your system. Also, how are you
> supposed to build your own extensions or test someone else's extension
> on Firefox stable? Fedora recently discussed the possibility of
> packaging an "unofficial" Firefox [2]. (Take a look at their bugtracker
> for some good points.)
>
> Is an abrowser package with the ability to disable extension signing
> warranted?
>
> I am posting to this mailing list because I have not seen much
> discussion about Firefox extension signing in the Arch Linux world.
> Developers, what are your thoughts? Is it worth it packaging an
> "unofficial" version of Firefox?
>
> --Kyle Terrien
>
>
This sounds like something for the AUR. I do not agree with this move from
Mozilla and it would be interesting to see the interest in such a package.
More information about the arch-general
mailing list