The Slashdot summary exaggerates when it says signing is “without any possible user override”. There is no override possible in the Firefox browser that general users download, but as the blog post explains:
Installation of unsigned extensions will still be possible on Nightly and Developer Edition, as well as special, unbranded builds of Release and Beta that will be available mainly for developers testing their extensions.
For extensions that will never be publicly distributed and will never leave an internal network, there will be a third option. We’ll have more details available on this in the near future.
I do wish, however, that the blog post had given statistics about the prevalence of malicious add-on installs that they are trying to prevent with this plan. I think developers would feel better about this new hassle of signing if they knew that, for example, 10% of all “add-on ignorant” Firefox users (users who did not install any non-blacklisted add-ons), equalling 20,000 users, have a malicious add-on installed. Without knowing how bad the problem that this solves is, we developers can’t judge whether this solution is worth the inconvenience.
Thank goodness someone is here to save us from evil code!
Here’s the original link, since Slashdot sees fit to ban Tor users:
I think the original Mozilla blog post is much more explanatory than this. What value did the summary add?
I understand why, but I’m a bit grumpy because the add-on development process for Firefox is already less convenient than Chrome, and Chrome even disabled installs from outside the Play Store not long ago.
Also, I already sign my extension with McCoy, to facilitate secure auto-updates. While it does make it so their blacklist would be effective against me (switching my id would require all users to reinstall), I’m guessing that still doesn’t qualify under this new requirement. Bad actors could just sideload a new xpi with a new id and signature.
So I take it this really means “signed by Mozilla”.