Firefox addon signing

Reindl Harald h.reindl at
Thu Feb 12 18:07:34 UTC 2015

Am 12.02.2015 um 18:53 schrieb Simo Sorce:
>> Maybe it is only about preventing people from bundling the official
>> Firefox version with dodgy add-ons.  Not downright malware, but things
>> users may not actually want without realizing it.  The signature
>> checking means that those who prepare the downloads can no longer use
>> the unmodified upstream binary.  Which in turn might force them not to
>> use Mozilla brands.
>> Maybe this is a bit far-fetched, but after hours of staring at other
>> people's code today, it seems pretty reasonable to me.
>> But what do add-on developers do?  Surely there is a way to disable this
>> somehow?
> Mozilla stated they will have to use the Developer Version (Aurora was
> the name ?) or the nightlies ...

than Fedora needs to switch to the developer version if that *really* 
can't be disabled via about:config - that is a unacceptable restriction 
until hmtlvalidator, livehttpheaders and friends are available sigend 
via the mozilla page

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list