Hello! As many of you know, the Add-ons Team, User Advocacy Team, Firefox Team and others have been collaborating for over a year in a project called Squeaky [1]. Our aim is to improve user experience for add-ons, particularly add-ons that we consider bad for various levels of "bad".
Part of our work consists on pushing forward improvements in Firefox that we think will significantly achieve our goals, which is why I'm submitting this spec for discussion: https://docs.google.com/document/d/1SZx7NlaMeFxA55-u8blvgCsPIl041xaJO5YLdu6HyOk/edit?usp=sharing The Add-on File Registration System is intended to create an add-on file repository that all add-on developers need to submit their files to. This repository won't publish any of the files, and inclusion won't require more than passing a series of automatic malware checks. We will store the files and generated hashes for them. On the client side, Firefox will compute the hashes of add-on files being installed and query the API for it. If the file is registered, it can be installed, otherwise it can't (there is planned transition period to ease adoption). There will also be periodic checks of installed add-ons to make sure they are registered. All AMO files would be registered automatically. This system will allow us to better keep track of add-on IDs, be able to easily find the files they correspond to, and have effective communication channels to their developers. It's not a silver bullet to solve add-on malware problems, but it raises the bar for malware developers. We believe this strikes the right balance between a completely closed system (where only AMO add-ons are allowed) and the completely open but risky system we currently have in place. Developers are still free to distribute add-ons as they please, while we get a much-needed set of tools to fight malware and keep it at bay. There are more details in the doc, so please give it a read and post your comments and questions on this thread. Jorge Villalobos Add-ons Developer Relations Lead [1] https://wiki.mozilla.org/AMO/Squeaky _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
