alt Hacker NewsIt's very annoying you have to submit your extension to gatekeepers to even distribute them to normal users. As gorhill said on GitHub it took days for a self-hosted version to be approved - that's unacceptable. Imagine you would need approval from Microsoft to distribute software. Not even Android is this closed. Enforcing signatures and removing XUL were the worst things Mozilla has ever done. And yes, Google does the same and it's even worse there but this it to be expected from them, but not from Mozilla.
Replies
> Imagine you would need approval from Microsoft to distribute software.
You mean like how you need permission to distribute software on MacOS/iOS? More and more platforms are moving in this direction and I wouldn't be surprised if Windows goes the same way in the future.
What?You can install extensions in Firefox easily without going through the Firefox extension store. XUL had to go.
On desktop Firefox, you can download an extension from anywhere and install it. All they're gatekeeping is their own repository, which I think most of us would like them to do.
I think mobile requires using a nightly build to install extensions from outside Mozilla's repository, and that suggests their thinking is becoming contaminated by the rest of the mobile ecosystem.
> removing XUL
Nah, XUL had to go. The other stuff wasn't really related. It was a more "if we are going to break most extensions we may as well use this time to push everything else we want". If anything XUL is a scapegoat.
I know because I maintained VimFx for a while after the XUL removal. It was difficult to keep up with internal APIs that are changing, but I can't blame them, they need to develop their product. The thing that really made me give up on maintaining VimFx was the signing enforcement. They just keep tightening the screws so that I couldn't even run "my own" code with any reasonable UX.
What I would have like to have seen:
1. Provide WebExtensions as the recommended way to do things with some compatibility and deprecation guarantees.
2. Stop caring about compatibility of other APIs.
3. Still allow outside "full access" extensions that use those internal APIs. You can give warnings in the store "this extensions uses unsupported APIs and may break at any time and steal all of your personal data" and make the install button bright red but still allow it.
4. Keep supporting self-distributed extensions with developer managed signing keys and update URLs.
Since there are no compatibility guarantees on these APIs it wouldn't have been much extra work. Just a bit of UX work to add scary warnings and maintenance of the non-store update code.