Hacker News new | past | comments | ask | show | jobs | submit login

No. JUST A HUGE NOOOO.

My reply is here https://news.ycombinator.com/item?id=19828472




We’re literally in this mess because Firefox requires digital signatures on this kind of thing, please don’t make FUD posts.

This is much better than disabling the very same safe guard, signature checking, that prevents you from running arbitrary code in the first place.


How is this better then enabling studies, a setting that is already part of Firefox? Installing add-ons from random sources can be risky.

But anyways, I'm not sure why, but the addons on my main computer remained enabled... unlike my 2 other computers.


It's cryptographically signed by Mozilla. The signature is much more important than the source.


I clicked that link and it displayed a puzzle piece with a one-way/no-entry symbol (https://i.stack.imgur.com/eVpMr.png)... not sure how I can know that this was signed by Mozilla, a company that I trust less every year


The UI doesn't tell you, unfortunately. You would have to verify it out of band. But the browser already forces the verification, which you can verify by noticing all your add-ons are literally disabled because the signature checking is failing on them.

AFAIK the reason the UI is scary is primarily because it is from an era when add-ons were much more dangerous, and when they were not required to be centrally signed. Neither is true anymore afaik.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: