Conversation

Notices

1. Embed this notice
   Rich Felker (dalias@hachyderm.io)'s status on Monday, 04-Nov-2024 03:19:53 JST Rich Felker

   in reply to

   • :mima_rule: Mima-sama

   @mima @wyatt8740 Signature checking can be turned off. I did that after their signing key fiasco disabled UBO abd exposed everyone to malware.

   • Embed this notice
     :mima_rule: Mima-sama (mima@makai.chaotic.ninja)'s status on Monday, 04-Nov-2024 03:19:55 JST :mima_rule: Mima-sama

     @wyatt8740@tech.lgbt Funnily Mozilla has been called out a "walled garden" for pushing that signed add-ons shit. Which, to be fair, isn't wrong; why should I need to make an account in the AMO when my GitHub or Gitea repo has a releases page I can use for distribution?
     
     And their mandatory signing didn't really prevent malicious add-ons from getting in to the site.. To the contrary ever since WebExtensions became the only allowed add-ons format and XUL got phased out there's a lot more malware getting into the AMO undetected by Mozilla until they become approved (automatically by their system presumably in which case what even is the point of mandatory signing) and some end-user reports about it :seija_coffee:
     
     @dalias@hachyderm.io