

Mozilla’s Add-on Policy Is Hostile to Open Source - yzmtf2008
http://tomdale.net/2014/11/mozillas-add-on-policy-is-hostile-to-open-source/

======
IvyMike
> Though there was an initial review process for adding our extension to the
> Chrome Web Store, updates after that are approved immediately and rollout
> automatically to all of our users. This is wonderful,

This is also why several 'trusted' extensions morphed into malware.

[http://www.zdnet.com/firms-buy-popular-chrome-extensions-
to-...](http://www.zdnet.com/firms-buy-popular-chrome-extensions-to-inject-
malware-ads-7000025342/)

I agree that Firefox's slow vetting sucks, but a "auto-approval" process also
has its own suckiness.

~~~
forgotpasswd3x
If the choices are between a slow addon review process, and a webstore full of
malware, I'll definitely pick the slow addon review process.

------
newscracker
I don't see a lot of value in this article. I'm aware that the Mozilla review
process is slow, but this rant is not the one that's going to fire up people
in Mozilla to fix it.

The author cries, "...as an open source project, we’re already stretched
thin—it’s a colossal waste of resources to deal with the issues caused by this
policy. If we were a for-profit company, we could just make it someone’s job."

What does the author think Firefox and Mozilla are? Firefox is open source and
Mozilla is a non-profit. That Mozilla as a non-profit has policies to have
volunteers do what seems like a good job (especially looking at the AMO review
comments in this case) should be lauded. As IvyMike pointed out trusted
extensions morphing into malware in Chrome, which is developed by a hugely
for-profit company, it seems to me that Google is the one that should be
considered hostile to everyone in the community and should also be ashamed.

Also, the author does not need to stoop so low saying things like "I can not
in good conscience recommend that Ember developers use the Ember Inspector
add-on from the Mozilla add-ons page. Either compile it from source yourself
and set a reminder every few weeks to update it, or switch to Chrome until
this issue is resolved." For heaven's sake, host the extension on your site
and provide the link to the XPI file to your users. Firefox can install it
from there and your users will click on the "allow site to install extension"
dialog. There is no need to host your extension on AMO if you're this upset
with Mozilla.

------
jmount
The feedback given look relevant to me (from the article):

"Your version was rejected because of the following problems: 1) Extending the
prototype of native objects like Object, Array and String is not allowed
because it can cause compatibility problems with other add-ons or the browser
itself. (data/toolbar-button-panel.html line 40 et al.) 2) You are using an
outdated version of the Add-ons SDK, which we no longer accept. Please use the
latest stable version of the SDK: [https://developer.mozilla.org/Add-
ons/SDK](https://developer.mozilla.org/Add-ons/SDK) 3) Use of console.log() in
submitted version. Please fix them and submit again. Thank you."

------
illumen
Seems like a legit review. Reviews make some people cry though. I think once
people start using addons there's more people willing to do a review. Also,
just diff'ing from a previous version is quite easy to see the changes. So
future reviews will go quicker.

Trust will also grow the longer you are not a badie!

Anyone wanting to help review Add-ons can see what to do here:
[https://wiki.mozilla.org/AMO:Editors](https://wiki.mozilla.org/AMO:Editors)

------
aikah
Well,they didnt reject that add-on,just said it needed to be fixed.

> Mozilla’s Add-on Policy Is Hostile to Open Source

I dont like that title .and it's just not true.It a violent statement that
wont solve anything,just create outrage and maybe buzz on twitter...

Mozilla has add-on guidelines that are pretty light.

Do we really need to rely on flamebaits like these to fix issues? I think not.

Tom Dale forgot something called "moderation".

------
hardwaresofton
tldr; more of what everyone else is saying, review is valid, indictment of
mozilla's policy as "hostile to open source" is hasty

"we don't like mozilla's review process" != "mozilla's policy is hostile to
open source".

I think this blog post was made in frustration, and he's not the first or the
last person that will do so. While I can agree it took too long for the review
to come back (rejected at that), as others have said, the review is solid, and
Mozilla is stretched thin just like any other open source project/non profit.

If it's transparency ("it's not our fault") that you want, why not put up a
quick status page/alert for people? You could even expand that to a status
page for all the ongoing ember projects (plugins, new versions of ember), and
have a state that is clearly marked "being reviewed by firefox team" and the
appropriate version that was ready for release.

Also, maybe point some of the users that are complaining about slow firefox
plugin updates to the review helping link mentioned in the comments:
[https://wiki.mozilla.org/AMO:Editors](https://wiki.mozilla.org/AMO:Editors)

------
mwhite
To say that Firefox, one of a handful of end-user open source software
packages with global reach, is hostile to open source, is absurd.

Frontend web developers are a small fraction of Firefox's users, and you can't
expect them to tailor their processes and expend resources just so every niche
JavaScript framework can trumpet its six-week release cycle.

For the same reason that you usually shouldn't use your distro's packaging
system to install frequently changing development libraries, it makes more
sense to just default to manual installation of developer extensions. You can
always alert the developer if there's a new version. You may not even _want_
the developer extensions to auto-update because then you have to include
support for every previous version of your framework in each version, rather
than having the opportunity to remove support for old functionality and have
each extension version support only the equivalent framework version.

