
Tridactyl has been delisted from AMO - feanaro
https://github.com/tridactyl/tridactyl/issues/1800#issuecomment-525133008
======
cmcaine
Hello, I am one of the founding contributors to Tridactyl.

I think the three comments from this one[1] down summarise the overall issue
well.

[1]:
[https://github.com/tridactyl/tridactyl/issues/1800#issuecomm...](https://github.com/tridactyl/tridactyl/issues/1800#issuecomment-523797764)

After appealing the first reviewer's decision, we appealed to the amo-admins
who basically said "we agree with reviewer 1 and will _reject_ affected
versions of the addon".

Apparently they have decided that all of our addon versions ever are affected
(which is not really true) and have delisted the entire addon.

Further, they have asked us to also remove another opt-in feature that
disables some CSP protections so that Tridactyl can insert its own UI into
e.g. raw.githubusercontent.com. This is required because webextension content
can still be blocked by a site's CSP setting, supposedly this is fixed in
Firefox 69, but our testing is inconclusive and the new Firefox ESR is 68
anyway.

Our intention is to make tridactyl compatible with the AMO reviewers' requests
for the sake of our users, but we're all very busy and none of us really wants
to make these (in our opinion) overly invasive and unnecessary changes.

Our understanding is that users who have already installed Tridactyl will
continue to have it installed and that new users will not be able to install
it or find it on the AMO (where it has been removed with no explanatory text),
but they can follow instructions on our github repo to install it fairly
easily.

We believe that the AMO reviewers' choices do not serve the community and that
a more suitable response would be to ask us to display prominent warnings over
these features for our users and ask for their re-informed consent for their
continued use.

We also note that loads of other extensions (including Mozilla-recommended
addons) talk about the very same config settings that we have been delisted
for on their AMO pages![2]

[2]:
[https://www.google.com/search?q=site:addons.mozilla.org+exte...](https://www.google.com/search?q=site:addons.mozilla.org+extensions.webextensions.restrictedDomains)

Just deleting the features and undoing the changes for all users (as Mozilla
has asked us to do) means that Mozilla is forcing our users to adopt a risk
model and level of risk aversion that I think is not actually appropriate for
the majority of our users. If we want to trade a little security for
functionality we should be able to do that.

~~~
cmcaine
Another fun thing to note is that because they have delisted the addon users
may also struggle to work out what is going on, which really goes against the
whole "let's update this critical security preference" thing.

If they had left us listed but only with older versions we could have at least
left a message in the addon description telling people about the issue and how
to manually revert the preference for people who care. And obviously we would
have done so if asked.

~~~
feanaro
I'm just annoyed that my fears of losing the ability to implement and use
powerful Firefox extensions, ever since Mozilla instituted the extension
walled garden, are slowly but surely coming true.

------
floatingatoll
Previously discussed (as a possible outcome) on HN:
[https://news.ycombinator.com/item?id=20716963](https://news.ycombinator.com/item?id=20716963)

~~~
feanaro
Just to stave off any possible confusion: the title of this submission talks
about the possibility of existing _installations_ getting forcefully removed
from users' browsers. This has so far not happened. What happened is that
Tridactyl disappeared from
[https://addons.mozilla.org](https://addons.mozilla.org).

~~~
ttronicm
That's not nothing

~~~
feanaro
Indeed, I did not want to imply so.

