

Introducing Extension Signing: A Safer Add-On Experience - bpierre
http://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/

======
reirob
The essence fort developers:

> For developers hosting their add-ons on AMO, this means that they will have
> to either test on Developer Edition, Nightly, or one of the unbranded
> builds. The rest of the submission and review process will remain unchanged,
> except that extensions will be automatically signed once they pass review.

> For other developers, this is a larger change. For testing development
> versions, they’ll have the same options available as AMO add-on developers.
> For release versions, however, we’re introducing the required step of
> uploading the extension file to AMO for signing. For most cases, this step
> will be automatic, but in cases where the extension doesn’t pass these
> tests, there will be the option to request a manual code review.

> In the case of developers who want their extensions to be side loaded
> (installed via an application installer rather than using the usual Web
> install method) the review bar will be higher, equal to fully reviewed add-
> ons on AMO (with the exception of AMO content restrictions). This is a
> convenient installation avenue for software that comes bundled with an
> extension, for example an antivirus application that includes a Firefox
> extension that interacts with it.

------
detaro
A good step forward from "Addons are distributed via HTTPS and therefore
secure". Some probably would prefer if developers could sign them themselves
without submitting them online, but you'd still need the certs signed by a
Mozilla CA for the browser to be able to check them...

------
getdavidhiggins
This is welcome news. I audit each addon/extension/plugin I download. I
spotted some dodgy plugins in the past that logged traffic and sent it back to
a remote server. Not cool. Others would simply not have time to manually
audit, so this news is fantastic. I learned the hard way that Firefox addons
are pretty lax in terms of sandbox features. Why are plugins allowed talk to
the public Internet? Such a massive security hole.

~~~
stevenh
I know that of all the major browsers, Firefox's extension ecosystem is the
most secure due to the strict rules and ruthless approval process. It's nice
that they are now going even farther with it.

It blows my mind that Chrome puts so much work into preventing XSS, complete
with built-in reflected XSS prevention and special restrictive HTTP headers,
but then turns around and gives anyone with an extension carte blanche to
circumvent all of it.

