From one of the dozens of conversations over at User Experience:
https://groups.google.com/forum/#!topic ... Tb9ndgzBkg
Jorge wrote: The unbranded and dev versions will have the signing enforcement off by default, but they will have a setting to turn it on. This setting won't exist on Beta and Release versions.
So no pref in branded Release/Beta. Pref in unbranded Release/Beta and all Nightly/Dev builds. The pref defaults to off, but can be enabled to allow authors to test whether the signing is working.
mcdavis wrote: My concern, which is probably the same as your concern, and maybe what you were really getting to, is about what we can do with add-ons, and whether there's a vector that's specific to the kind of add-ons we write (having to do with restarting), which would relate to that concern.
I don't think there's anything in there *we* have to worry about. As registered AMO developers, our existing extensions should automatically get signed and that's that. I am more worried about this move being used as a tactic to completely kill XUL extensions, although I'm not sure how SeaMonkey would deal with such a move.
There are some grey areas though:
1. It's not entirely clear to me if *experimental* extensions are automatically signed or if they will require a secondary code review. That could create a real bog-down in the process.
2. Will AMO be able to handle all of this extra traffic in a meaningful time frame? Extension reviews for Firefox, even for experimental add-ons, were atrociously slow last time I tried to get anything through. And a three-week or more wait just to get something to a stage where a tester can look at it seems like a non-starter.
3. It's not entirely clear if signatures are version independent. Will every single update have to be signed separately?
4. If the Extensions Updates mechanism is used for downloading the "certs" what happens to users who have automatic updates disabled? And even if the check is mandatory... what happens if the AMO servers are down, as they tend to be right around update time? Or if there's a bad connection?
5. Is there any protection planned against malware authors just mimicking an existing, signed extension? Checksum hash? If so, that gets really weird with platform-specific versions, which would all have different checksums.