I hope not. Add-on signing is a glorified backdoor. Not only does it let Mozilla remotely disable extensions, but in future, governments can force Mozilla to censor unwanted extensions.

In addition, it is a privacy violation, since Mozilla can see who has installed which add-on.

[…] when Firefox contacts Mozilla servers to verify if Mozilla approved each extension, it discloses to Mozilla which extensions are in use. So in addition to being a backdoor by definition, it is a severe privacy violation as well. This comes from an organization that perpetually claims to champion user freedom and privacy.

(source: change.org)

And let’s not forget about a certain May 2019 incident:

all Firefox addons have been disabled due to an expired certificate. And so, people got silently hit with stuff like this when turning their “private and secure” browser on. It was only a matter of time until Mozilla’s extension prison backfired, and it did so spectacularly. Though the BugZilla comments were already predictably closed, they will not be able to contain the armageddon this time, no matter how much PR they spew. The whole /r/firefox front page is filled with threads about this, with many people moving to Chrome-based browsers. Hacker News is also booming. Tech sites are running with the news too. The funny thing is, the whole point of the extension prison was allegedly to increase security - and yet today, all security addons got disabled because of it! Shows how freedom always has to trump over security or it ends up in a disaster like this.

(source: digdeeper.club)

  • kixik
    3·
    3 days ago

    It’s been a while since extensions need to be signed for FF to enable them. Not sure if Librewolf build scripts do something about it, but the config is not configured by default:

    % grep xpinstall.signatures.required /usr/lib/librewolf/librewolf.cfg
%

    and if you look for it on about:config, it’s enabled. So far it’s functionality is mainly to sort of not allowing dangerous extensions, though that promise can’t really be fulfilled, and besides, and it’s true the feature can be abused, but it’s not something new for FF, not sure why that petition is showing up just now, hmm. For the apps I use, this hadn’t posed a problem on Librewolf so far.

    But it’s been a while I don’t see Librewolf devs around this community and the other lemmy one I know !librewolf@jeremmy.ml seems abandoned. Perhaps someone is familiar with Librewolf build scripts…

    • LinuxdroidOPEnglish
      1·
      2 days ago

      and if you look for it on about:config, it’s enabled

      The about:config setting has been placebo since version 48. It doesn’t affect anything.

      Firefox 48: (Pushed from Firefox 46). Release and Beta versions of Firefox for Desktop will not allow unsigned extensions to be installed, with no override. Firefox for Android will enforce add-on signing, and will retain a preference — which will be removed in a future release — to allow the user to disable signing enforcement.

      (source)