Firefox 41 will block unsigned extensions

[Mouse5]

I dont know if this has been asked before, but is this restriction going to be forced in Thunderbird too?

possibly better off asking in the Thunderbird Forum. in that Daily Thread, rsx or JoeS may know

[LoudNoise]

Unless things have changed recently, not at the moment anyway.

If you have been following this you should know that it won't happen to either SeaMonkey nor Thunderbird at least until Mozilla makes it impossible not to do it by using Gecko.

See this: https://wiki.mozilla.org/Addons/Extension_Signing#FAQ

[lithopsian]

Bugzilla request to enable signing for Thunderbird. Not popular, not happening.

[patrickjdempsey]

It seems like suicide for a small project to do that. Not even from the user popularity aspect of it... just from the angle of the pure development hell it places the project and AMO fork.

[globalplayer]

As I mentioned previously, signing was originally designed entirely for this purpose of off-site hosting, and therefore was always used with a "updateURL".

For the purpose of off-site hosting? Sounds like a foul joke to me.

In my book, this is starting to become a sort of "AMO dictatorship". Because there are great (but aggressive) add-ons around which would never appear on AMO because their developers don't agree even a tiny bit with AMO's policy!
And as a developer, you have to agree to a LOT of stuff when you publish your add-on on AMO.

Lobbyism has spread all over the place @ Mozilla Foundation. So even in the past, in "good ol' unsigned times", they occasionally blocked the one or the other "aggressive" add-on which they deemed to be against their policy (even though users did like it).
As some "more rebellious" developers (well, I'm a rebel with such things, too) couldn't agree to their policy, these devs hosted their add-ons on their own web pages, leaving themselves the freedom to do what they wanted instead of having to agree to dubious paragraphs put up by the Foundation.

And it's just these guys they'll be blocking now as well, because every developer MUST let their add-on get reviewed by one of the Mozilla Foundation yea-sayers ("scientologically" brainwashed enough to not question any decisions the Mozilla deities have made so far and will be making in the future).

So yes, there's a whiff of politics perceptible in this unsigned-goes-signed movement.

[patrickjdempsey]

As I mentioned previously, signing was originally designed entirely for this purpose of off-site hosting, and therefore was always used with a "updateURL".

For the purpose of off-site hosting? Sounds like a foul joke to me.

Addons hosted on HTTP self-hosted sites had to be signed for security reasons as it was the only way to guarantee that the extension that was downloaded was actually the correct one. Addons hosted on HTTPS sites did not have to be signed because the connection was protected. The original policy predates the era of cheap and ubiquitous encryption. And the huge PITA that was self-signing made it worthwhile to just go ahead and host on AMO. Mozilla has supposedly somewhat remedied that with easier self-signing tools they released recently.