[idle_zealot]

Out of curiosity, under what circumstances would you consider distributing an extension bundle to be leaking its code? Unless I'm misunderstanding, isn't this the same file you'll be distributing to your users? At first bluff it seems similar to worrying about leaking your website's frontend (I've got news for you...).

[tomp]

It could be a private extension developed by a company internally, and only distributed to internal users.

[earenndil]

If it's for an entire company, then it's easy enough to compile your own copy of firefox that accepts extensions signed with the company signature rather than mozilla.

[funklebunkle]

It's really not. Small businesses exist.

[earenndil]

If you have the resources to develop an internal company addon, you have the resources to build a firefox that accepts a different signature.

[jamietanna]

Respectfully disagree - having to rebuild each time patches come out, on multiple OSes and versions, which have a patch to allow unsigned extensions is a massively more time expensive than developing a browser extension, and requires extra knowledge on the behalf of the persons responsible

[Vinnl]

Luckily it's not necessary: you can still enable a flag in ESR releases that allow installation of unsigned add-ons, so that solves it for company-internal tools.

[uremog]

off-topic: the phrase is, "at first blush"