[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Progress on broken bundled extensions

From: Mark H Weaver
Subject: Re: Progress on broken bundled extensions
Date: Thu, 21 Nov 2019 21:36:52 -0500

Hi Amin,

Amin Bandali <address@hidden> wrote:

> Mark H Weaver <address@hidden> writes:
>> Also, I removed the IceCat-specific
>> customization that sets
>> 'xpinstall.signatures.required' to false.  In
>> its place, at least for now, IceCat will need
>> to be configured with the more fine-grained
>> mozconfig option
>> --with-unsigned-addon-scopes=app, which
>> disables signature checking for extensions
>> that are bundled with IceCat.
> I think we should all have a discussion about
> this feature.  As it stands, I'm personally in
> favour of keeping it disabled (not requiring
> signatures when installing add-ons), for the
> following reasons:


> - Mozilla's recent track record doesn't inspire
>   my confidence in them, and I personally would
>   prefer to not put all my eggs in one basket
>   when it comes to a single entity having the
>   say about what add-ons I can or cannot run.
>   I still think some sort of measure would be
>   nice to have and is probably even necessary,
>   but I *really* don't want to have no option
>   but to rebuild my entire browser in order to
>   install an add-on that Mozilla may think I
>   should not install.

There seems to be a misunderstanding here.

'xpinstall.signatures.required' is a run-time user-configurable option
in <about:config>.  All I've done is to change its *default* value for
IceCat.  If you want to install an add-on that Mozilla won't sign, you
can simply go into <about:config> and set
'xpinstall.signatures.required' to 'false'.

There are various other options as well, including the "Load Temporary
Add-on..." button in <about:debugging>.

I could say more on this.  I've begun to familiarize myself with the
relevant code, and there are many options open to us, and various
policies we could decide upon.

For example, if we built IceCat with
"--with-unsigned-addon-scopes=app,system" (not quite the same as what I
wrote above), then addons within the system-wide extensions directory
would also not be checked for signatures, even when
'xpinstall.signatures.required' is set to 'true'.  We could also change
those more fine-grained settings into run-time configurable settings.

I can also see how to add the ability for users to install their own
personal signing certificates, to allow adding their own extensions
without going through Mozilla, while retaining the security advantages
of requiring signed extensions.

There are a lot of options open to us, but for now I just wanted to
mention that 'xpinstall.signatures.required' remains run-time


reply via email to

[Prev in Thread] Current Thread [Next in Thread]