Greetings from the Mozilla Add-ons team!

Mozilla has upgraded the signing for Firefox extensions, themes, dictionaries, and language packs to provide a stronger signature for a more secure add-ons ecosystem. This upgrade may impact add-on versions uploaded to https://addons.mozilla.org (AMO) differently depending on the date they were uploaded and whether they are self-distributed or distributed via AMO. Please see below for which add-ons will be affected.

For developers of add-on versions hosted on AMO that were uploaded prior to April 5, 2019.

  • No action will be required; the most recent public version of your add-on will be re-signed automatically April 25, 2024 resulting in a version bump

  • Developers will receive a confirmation email once the auto re-signing of their add-on is complete

For developers of add-on versions self-distributed that were uploaded prior to April 5, 2019.

  • Action will be required as Mozilla is not able to automatically re-sign unlisted versions since the distribution is controlled by the developer and thus the AMO team cannot determine which version(s) to re-sign

  • Action required: To continue to distribute any self-hosted versions uploaded to AMO prior to Apr 5, 2019, developers will need to submit new versions to AMO.

Self-distributed add-on versions that are not re-submitted by Apr 15 will no longer be installable on any version of Firefox 127: Nightly (Apr 15), Beta (May 13) or Release (Jun 11). Add-ons installed prior to Firefox 127 will continue to work for now, but we ask that you encourage your users to upgrade to the new, re-signed version of your add-on once you have re-submitted it to AMO. Any previous versions that are no longer in use do not need to be re-submitted to AMO.

Please feel free to reply to this email if you have any questions.

Regards,

Mozilla Add-ons team

  • 𝘋𝘪𝘳𝘬@lemmy.ml
    link
    fedilink
    arrow-up
    1
    arrow-down
    1
    ·
    7 months ago

    That won’t ever be happen. Mozilla just loves being in control. See reflinks for everything by default, see massive telemetry data for EVERYTHING you do in the browser by default, see crippled mobile browser where you pretty much can’t change anything, etc., etc.

    “Mandatory” verification and signing of not-to-be-public extensions just 100% fits into that.