Mozilla decides to sign all addons / extensions.

25 replies [Last post]
lap4fsf
Offline
Joined: 10/12/2014

Mozilla will begin requiring all extensions to be signed in order for them to be installable in Release and Beta versions of Firefox. This will take effect from Firefox 42 (Read Abrowser 42.) for the in-release versions and Firefox ESR 45. (Scheduled for March 8,2016.)

Unbranded versions of Firefox like GNU IceCat and Abrowser requires a setting to disable mandatory signature checks and should use a generic name and logo. In addition they should be available in the en-US locale only.

Visit https://wiki.mozilla.org/Addons/Extension_Signing for further details.

davidnotcoulthard (not verified)
davidnotcoulthard

In addition they should be available in the en-US locale only.My interpretation is that FF will make an unbranded version of the browser (which is....good, isn't it?) in en-US.

I'm guessing future versions of Abrowser might be based on this "special" version (and maybe Ruben will drop Abrowser in favour of whatever FF names this special version, working on IceCat "full-time" as far as browsers are concerned apart from locales).

Anyway nowhere in the page does it say and/or imply that "Unbranded versions of Firefox like GNU IceCat and Abrowser requires a setting to disable mandatory signature checks and should use a generic name and logo. In addition they should be available in the en-US locale only", which would involve a license change which is neither mentioned nor implied either.

lap4fsf
Offline
Joined: 10/12/2014

Anyway nowhere in the page does it say and/or imply that ... which would involve a license change which is neither mentioned nor implied either.

You are right.

The correct word that fits to the context is may rather than should, which impose restrictions. However, the use of a generic name and logo has historic reasons; You may refer to https://en.wikipedia.org/wiki/Firefox#Trademark_and_logo.

It is actually a request from Mozilla to the developers of unbranded versions of Firefox. But again, I am not an advocate; Perhaps FSF's licensing Lab is the right place where you can ask such questions.

I stand corrected.

t3g
t3g
Offline
Joined: 05/15/2011

Years ago, there was an issue with Chromium having problems with 3rd party code licensing even if the browser was under one of the BSD licenses. Chromium would later be labeled non-free by the Trisquel team even though Debian and Ubuntu did not.

Is this still an issue? I still find Chromium to be a superior browser to Abrowser/Firefox in speed and features, yet we aren't allowed to use it because someone spoke out against it years ago and has not updated their research since. The browser is unbranded by default and doesn't carry the Mozilla Corporation's trademark restrictions.

jei
jei

I am a member!

Offline
Joined: 02/18/2015

You aren't allowed to use it? Nobody is forbidding you to use anything. Just because something is not in the repositories doesn't mean it doesn't work on Trisquel or that its use it discouraged. If there are no freedom issues with a certain piece of software and you would like to use it, just do it. I use Iridium, a Chromium fork, for the few times where I need a Blink-based browser: https://iridiumbrowser.de/download

t3g
t3g
Offline
Joined: 05/15/2011

Its use IS discouraged since the Trisquel devs go out of their way to ignore it and purge anything related to it. Of course I can always add the Ubuntu universe repo, but its annoying.

JadedCtrl
Offline
Joined: 08/11/2014

Chromium *IS* non-free software.
It installs binary blobs without warning or asking you every time it launches.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786909#5

Chris

I am a member!

Offline
Joined: 04/23/2011

Yea- much of what is removed is because there are issues with it as it relates to freedom. It's not necessarily that it can't be fixed, but there aren't the resources to fix it. If someone wanted to maintain a Chromium build that complied with the stance of the Trisquel project then it would be in the repository.

There might be some stuff that has been removed for reasons other than freedom. If something breaks for example its possible it doesn't have to do with a freedom issue, but its easier to remove it then to try and fix it. Thus you might find stuff that isn't an issue (freedom wise), but also isn't in the Trisquel repository (ie despite it being in the Ubuntu repository and there not being an freedom issue).

grimlok
Offline
Joined: 04/16/2013

I'm not sure about Chromium, but where I work, both Chrome and Firefox are installed alongside Internet Explorer to give user choice, and I have noticed that Firefox has been loading and running significantly faster than Chrome here as of late.

And I would object to using it just because it supports Google anyways, the Great Evil...

hnasiet
Offline
Joined: 02/10/2015

That's right. When Chromium was much cleaner and had less features some years ago it was super fast and that's how it gained its popularity. Nowadays that isn't true, it's a Ram-eating monster much slower than firefox. It's still a very nice browser but it's non-free software.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

According to https://code.google.com/p/chromium/issues/detail?id=28291 , Chromium does not "pass the Ubuntu license check script", i.e., copyright or license of some code is unclear. See the "blocked on" issues on the left for specifics.

Besides, and since this thread is about extensions, there is no Chromium add-on page that would only list free software (like the Trisquel project did for Abrowser and Icecat).

davidnotcoulthard (not verified)
davidnotcoulthard

Yeah, though I don't think the lack of libre-addons-only page fro Chromium should be used against it since should it be made fully, verifiably free, and enter trisquel's repos (and Parabola's), it shouldn't be long before such an addons page appears.

jxself
Offline
Joined: 09/13/2010

This shows all the more reason to not use Firefox. I'm sure Abrowser and IceCat will both be modified appropriately so as to not enforce signature checking (or maybe have it be an optional thing so that people can decide on their own), so it's a non-issue in the free world.

davidnotcoulthard (not verified)
davidnotcoulthard

Actually I think this is, in some way, good news.

There's now an official, Mozilla-made, version of what for all intents and purposes is really Iceweasel.

And, I guess much less significantly, there'll probably a Windows or OS X version of it too!

Chris

I am a member!

Offline
Joined: 04/23/2011

I must be missing something. What exactly is the objection here? This issue doesn't directly impact Trisquel's browser. Is it more along the line that Mozilla's prohibiting third party plug-ins that don't go through an approval process? I'm not sure this is an acceptable stance to take. How is it any different than say Trisquel's policy-or that of any other distribution?

I can see a valid argument to be made against prohibiting users from installing third party software, as its similar if not DRM, but it's not entirely the same as normal DRM. Users are given the choice (no?) of installing a version that doesn't support third party plug-ins which has a specific goal other than stopping third party plug-ins. The goal is to stop installation of malicious plug-ins from other companies. For example, this mostly impacts Microsoft Windows users, if one installs Oracle Java on a MS Windows system it'll install a search bar for Alexa (I don't know if this is actually correct, just an example, which might be correct or was at one time).

It seems like this is being blown out of proportion, but if I'm wrong, please correct me. I didn't look into this issue thoroughly.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

I agree although I do not see any good reason to remove the preference to disable the signature enforcement in about:config. Here is what https://blog.mozilla.org/addons/2015/08/21/the-future-of-developing-firefox-add-ons/ says:

Firefox 42 and beyond:

  • The Beta and Release versions of Firefox based on 42 and above (Beta 42 will be released at the same time as Firefox 41) will remove the preference that allows unsigned extensions to be installed, and will disable and/or prevent the installation of unsigned extensions.
  • The Nightly and Developer Editions of Firefox based on 42 and above will retain the preference to disable signing enforcement, allowing the development and/or use of unsigned add-ons in those versions. Unbranded versions of Firefox based on releases will also be made available for developers, and are expected to be in place for Firefox 42 for release (and potentially beta).
Chris

I am a member!

Offline
Joined: 04/23/2011

Yea- I'm not entirely sure this is as bad as some are suggesting, but it's not entirely clear to me why they are removing the preference. Are malicious applications modifying this user preference so they can install an unsigned plug-in anyway?

If so I'm not sure this will be effective against those least concerned about the legalities of it. It might stop some larger players such as Oracle. I don't think it'll stop smaller players of which do not care about the legality of what they're doing- or otherwise aren't in a place that cares about such legalities.

What these entities will simply do is rebuild Firefox with the original Firefox branding and all and replace the entire binary image thus enabling them to install the unsigned plug-ins again. This will all happen without the vast majority of impacted users recognizing it. The main thing that would stop the larger entities such as Oracle from pursuing this would be the violation of Mozilla's trademark. They'd be opening themselves up to liability. Though in many cases even these entities have proven willing to violate others trademarks/copyrights/etc so it might not even stop them really.

alucardx
Offline
Joined: 02/29/2012

It seems to me that Mozilla, as an organisation, just keeps getting worse and worse. I still really like Iceweasel, Icecat and abrowser and if someone is one a Windoze or Mac I suggest firefox to them over anything else. It is sad though that Mozilla keeps selling out.

davidnotcoulthard (not verified)
davidnotcoulthard

At least you can now nicely recommend non-branded versions of FF...

Legimet
Offline
Joined: 12/10/2013

IceCat has a Windows version :)

t3g
t3g
Offline
Joined: 05/15/2011

I think you mean Mozilla, as a CORPORATION: https://en.wikipedia.org/wiki/Mozilla_Corporation

onpon4
Offline
Joined: 05/30/2012

I don't know about making it impossible to use unsigned extensions without recompiling as a security feature, but it could be that Mozilla really just doesn't want people to see browsers being slowed down by malware extensions due to users' stupid decisions, being called "Firefox". If that's the case, it makes perfect sense.

In any case, given that the feature can be easily disabled and Mozilla even offers an official unbranded version with it disabled, I don't think Mozilla is doing anything wrong here.

Magic Banana

I am a member!

I am a translator!

Offline
Joined: 07/24/2010

Just like systemd/linux, mozilla needs to be forked

You are ridiculously funny. You create threads to insult me because you believe I did not understand that your game is a fork of Xonotic (I was actually suggesting you to go on with the development of Darkplaces) and you do not see that the Tor browser is forked from Firefox.

Legimet
Offline
Joined: 12/10/2013

Data mining can be used for for spying. It can also be used for other purposes: https://en.wikipedia.org/wiki/Data_mining#Notable_uses.

moxalt
Offline
Joined: 06/19/2015

> complete idiot

Something you have no right to accuse anyone of being.

MrBuggles (not verified)
davidnotcoulthard

What I would like to see is a fork of Firefox that directly incorporates the common add-ons added by the community directly into the browser. The idea that a browser has to be augmented with Https everywhere, no-script, and other freedom relevant add-ons to function the way the community expects is the problem. I'd rather have a well thought out browser that offered native support than have the ability to install add-ons in the first place.