Last week over on the Mozilla blog, the Foundation announced a major change that’s coming to a future release of Firefox. In the name of security, they’re going to start requiring that all add-ons be digitally signed. Extensions that are submitted to the AMO (the official add-on repo) will be signed automatically after review.
This isn’t something that’s going to take place immediately. Mozilla doesn’t even plan on introducing a warning about signed extensions until Firefox 39 is released (we’re on 35 right now). Once the warnings start, it’ll be another couple versions before the new policy takes effect.
Mozilla’s blog post has generated a lot of discussion; it might not yet qualify as a full-blown controversy, but a lot of Firefox fans are pretty worked up about it. It sounds, after all, like Mozilla is setting up a walled garden. Is that really the case, though?
In his post, Jorge Villalobos specifically states that “An easy solution would be to force all developers to distribute their extensions through AMO, like what Google does for Chrome extensions.” He doesn’t stop there, however. He goes on to say that “we believe that forcing all installs through our distribution channel is an unnecessary constraint.”
Mozilla’s Director of Product Management, Chad Weiner, also wrote me saying that “We also think the process is pretty lightweight and we want to do what we can to make sure the add-on ecosystem continues to flourish. This plan optimizes user satisfaction and security without locking down development unnecessarily.”
That doesn’t sound like the sentiment of a group that wants to build a walled garden.
Mozilla fully intends to allow developers to continue distributing their add-ons outside AMO. They’re still trying to sort out exactly how that’s going to work, but the basic plan doesn’t seem that complicated. Anyone can get their own certificate. Anyone can use that certificate to sign a Firefox add-on — Mozilla’s even got a handy developer doc that will show you how to do it.
Where things get a bit murky is later in the post, when Villalobos runs down various add-on distribution scenarios:
“Extension files that aren’t hosted on AMO will have to be submitted to AMO for signing. Developers will need to create accounts and a listing for their extension, which will not be public. These files will go through an automated review process and sent back signed if all checks pass. If an add-on doesn’t pass the automated tests, the developer will have the option to request the add-on to be manually checked by our review team.”
If Brad wants to serve up a Liliputing add-on from his own site, then, he has no choice but to run it past Mozilla’s extension reviewers. If it passes, he’s allowed to serve it up himself, but ultimately it’s Mozilla that will decide if he’s allowed to.
There will be workarounds, though, for those who want to install unsigned extensions: you can run the nightly or developer builds of Firefox, or you can use “special, un-branded builds of Release and Beta.” The new policy shouldn’t, then, create much of an inconvenience for more advanced Firefox users — but it’s still a frustration that they’ve not had to deal with in the past.
So is Mozilla building a walled garden? There’s a case to be made for both sides right now. Hopefully Mozilla can sort things out and find a way to balance control and security without sacrificing any of the openness its die-hard fans have come to expect.