old_grumpy_grandpa
Score hidden · 5 hours ago
...Mozilla Firefox first introduced mandatory add-on signing in december 2015, with Firefox 43: this change prevented users from installing add-ons (essentially extensions for your browser) if those add-ons did not have a valid digital signature from Mozilla.
The change, advertised as an important security measure, was not well received: sure, users could override it and install unsigned add-ons by changing a flag through a developer page, but the developers had stated that said flag would be disabled in a few months. There were also concerns about the centralized nature of the signing, as that would mean Mozilla would have full control over which add-ons would work and which would not, making censorship of disliked add-ons incredibly easy. Mozilla went to great lenghts to reassure its users about how they'd never abuse their power over the signing process that way, with little results.
With Firefox 48, released in august 2016, add-on signing became completely mandatory as the override flag was made non-functional in the normal releases, and the users' disapproval got no reaction from Mozilla.
May 3rd 2019, all add-ons for Firefox stopped working, because one of the Mozilla certificates used in the signing process had expired: that means no one using Firefox was able to use ANY add-on, including the ones already installed, nor install any new add-on.
So, what did Mozilla do to fix this clusterfuck?
Stay silent for 2 days, then release a hotfix that can only be installed by users that haven't opted out of a specific ads and analytics program, program that was strongly criticized on release because of privacy concerns.
No apologies for the fuck up, no word about mandatory signing perhaps not being such a great idea, no admission that leavig the override flag functional would have let users work around the issue, not even the decency to offer a proper downloadable hotfix: without context you'd think this was a play made by Microsoft in the 90s, not by a major open source project!...
reddit.com |
