On 2/10/15 3:38 PM, luck...@musites.com
> On Tuesday, 10 February 2015 20:25:48 UTC, Jorge Villalobos wrote:
>> On 2/10/15 1:22 PM, Jonathan Kamens wrote:
>>> Under this plan, how will alpha / beta versions of
>>> add-ons hosted on AMO be handled?
>> They will probably get the basic signing that non-AMO add-ons will get,
>> since they aren't typically code reviewed.
> It is important that beta versions can be distributed near-instantaneously so I hope that the proposed automated signing process will not be trying too many fancy code-profiling tricks - for example, the current AMO submission validation warning level is very easy to set off for innocuous reasons. I think relying on very basic checks and user-level blocks would be appropriate, at least to start with.
We want to avoid blocking add-on distribution as much as possible, both
for beta versions and all non-AMO add-ons. We will definitely aim for
this process to be as quick and easy as possible.
>> There are no plans to implement this on Thunderbird, since Thunderbird
>> extension malware hasn't been a problem in the past. So it shouldn't
>> make a difference if your extension is signed or not for it to work on
>> Thunderbird. Whether we automatically sign AMO extensions for
>> Thunderbird or we don't will probably depend on what's easier to
>> implement for AMO.
> As an author of an add-on with a single version that can be installed to Firefox or Thunderbird I would strongly prefer a consistent behaviour in order to avoid causing users unnecessary concern about why the addon is unsigned when they install it to Thunderbird.
Since we're using the same signing system that already exists for
add-ons on both Firefox and Thunderbird, that shouldn't be a problem.
Signed add-ons will appear as signed on Thunderbird. There might be a
need to update the UI so the add-ons don't appear as signed by Mozilla,
but that should be a relatively minor issue.
> Overall though, I must say that I'm happy with the signing plan and look forward to it rolling out to all Firefox users.