[firefox-dev, dev-addons, and the enterprise mailing list cc'd - please direct follow-up discussion to dev-platform]
Hello All, As you're no doubt aware, from 57 onwards, only signed WebExtensions will be available as add-ons for the general release population. My understanding is these are all packaged as "xpi" files (zip files, really, but what's important is that they're bundled up as a single file rather than a directory). Add-on developers can develop their add-ons by temporarily loading them as unsigned packages or unsigned unbundled directories (again, if my understanding is correct). This leaves the question of what use we have for verifying unbundled add-ons. Is there ever a case where we want to verify an unbundled yet signed add-on? For example, do we ever do this with system add-ons? (And if we do, I've been told this would be bad for performance, so perhaps we should disallow this?) Thanks, David
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
