[cute_boi]

And you cannot install dev extension in mozilla like chrome without uploading in addons hub. Mozilla is becoming to bad these days.

[poisonborz]

Not true, you can simply use an xpi file, without signature even when a flag is set.

[yjftsjthsd-h]

https://support.mozilla.org/en-US/kb/add-on-signing-in-firef... seems to say that the normal release of Firefox can't install unsigned XPIs

[smsm42]

I think we're at the point where we need to ask, how the fsck supposedly "open browser" prohibits their own users from installing extensions they want to install? I mean, I get signing - if you want signing, you can use it. I even get the config option for enterprise setups, maybe - so if an org wants to standardize on Firefox and prohibit workers from installing unsigned extensions - fine. But when it comes to my own install, that's just bullshit.

[paulryanrogers]

It's a trade off between security for normies and power for technical users. I disagreed at the time (as an addon author) yet have come around to agreeing with the choice.

[smsm42]

Normies don't know what the "addon" is and likely would have IT to install them anyway.

[lmz]

It's not IT. It's the "potentially unwanted software" installers they download. There's no way to distinguish a user installing an unsigned addon vs some malware doing so.

[RunningDroid]

If you modify the AppConstants file (inside omni.ja) you can install unsigned extensions anyway:

https://gist.github.com/TheBrokenRail/c43bf0f07f4860adac2631...

[yjftsjthsd-h]

That link appears to describe a process for patching the Firefox package. That does not strike me as a reasonable solution.

[RunningDroid]

I didn't say it was reasonable, just that it's an option.

[poisonborz]

Sorry, dev and nightly, but that doesnt impact browser experience otherwise.

https://wiki.mozilla.org/Add-ons/Extension_Signing#FAQ

[yjftsjthsd-h]

Using pre-release versions absolutely is different