Hacker News new | ask | show | jobs
by megous 503 days ago
That's because it's an ESR build. Normal build does that, too. The extensions still have to be signed. It's not a Debian thing.

One ESR build, you can disable signature checks though in about:config. Not sure how this fits into the standard Mozilla orthodoxy. Remember that core tenet of the orthodoxy is that users can't be trusted to protect themselves...

So maybe Mozilla cares less about safety of users that want to use their ESR (extended support) build. There are way fewer of these users than that of main Firefox build, so their safety is maybe not that important on the grand scale of 2.5% marketshare that Firefox still holds.
2 comments
pabs3 502 days ago
The extensions in /usr definitely do not need to be signed, I've loaded unsigned ones before and the webext-* packages do not contain signatures.
link
megous 502 days ago
Looks like the cause that this does not work for me is extensions.autoDisableScopes defaulting to 11

Well, great. This is at least something :)

link
pabs3 502 days ago
What I said applies to both of Debian's firefox and firefox-esr packages, so it definitely isn't just an ESR thing.
link