barbaz wrote:Are they at least going to offer extension devs and power users a way to, say, self-sign add-ons (*completely* offline / locally) and then add ourselves as a trusted signer alongside Mozilla so we can at least keep developing our own add-ons for personal use? If so, would there be a way to leverage such a thing for the converter, even though it would require the end user to add Lemon Juice as a trusted signer?
I would think such a thing could have similar mechanism as current certificate management without making it less able to do what it's intended to do, no?
It's to early to tell what will be possible because the SM developers are only beginning to discuss it. I only wonder if the overwhelming (!) majority of them are also in favour of getting rid of this new "feature"? And also - are there any SM users who appreciate this new Mozilla "security" feature and would be happy to see it in SM? They should reveal themselves
Frank Lion wrote:Mozilla can self-sign my backside.
Very well said. It's hard for me to image how anyone among the Fx developers could even begin to *think* about the possibility of crippling the browser in such a way destroying one of its most powerful and useful attributes. Yes, the drift is clear.
If SM doesn't implement the changes then it will become THE powerful browser of the Mozilla family - just by comparison. And also, well, Pale Moon, which I suspect will also remain traditional in not requiring any add-on signing.
rsx11m wrote:If it's a build-time autoconfig option, SeaMonkey would hopefully be able to be built with the whitelisting option in its releases. This might still imply that whoever wants to run the add-on has to extract its ID and add it to the whitelist, that's a tough obligation for the average user...
But then, it still looks like a draft at this moment, thus specs may change.
Thanks for the info. Yes, things may change but it looks like some kind of solution can be worked out. Or maybe it would be possible to simply implement (by SM devs) right into the toolkit a simple switch and an if-statement that allows the signing check to be disabled completely - Fx devs wouldn't have to use it at all so perhaps they wouldn't mind if it existed for other applications?