alt Hacker NewsThat sucks. I work for Mozilla, but nowhere near Addons so I don't know what pressures they're under or whatever.
But if I ran the zoo... this is gorhill we're talking about. We ought to just make him an add-on reviewer with full rights, and tell him it's ok if the only add-ons he reviews are his own. We do not need to vet either his competence or trustworthiness; we have vastly more historical data backing him up than on any contractor or employee.
He's not a one-off either. We aren't nearly as volunteer-oriented as we used to be, sadly. But we still get many and major contributions from volunteers, and at least in my team (SpiderMonkey) there's no wall between external and paid contributors. (Except for the company-wide offsites, grr...) I don't see any reason why gorhill couldn't be made a full member of the review team, not that I'd expect him to be up for it right now given what's happened.
That makes more sense to me than giving him a special pass that we could potentially give out to other people or organizations. He is a major contributor to Firefox's capability and success already, let him contribute reviews that are already a thing and provide value. (Again, only self-reviews would be just fine with me.)
Now I need to figure out who to pester on Slack.
Replies
This sounds like a proposal to make the review process giving more weight to reputation, unlike the current process which is supposed to be entirely technical[1]. This might be a good idea, but I can see how Mozilla would get a different set of complaints about reputation not being consistently evaluated.
[1] https://wiki.mozilla.org/Add-ons/Reviewers/Guide/Reviewing
Probably a big ask, but could you find out why one is not allowed to add your own root cert to FF and sign an addon yourself, instead being forced to use an ESR/develop/nightly version and setting xpinstall.signatures.required to false, significantly reducing your security?
I suspect he will simmer down a bit (I do not at all blame him for what he did, it has to be frustrating to dedicate thousands of hours into something just to have some clueless person pull it). I think it will be back inside of a week, it’s important and can save battery over regular ublock origin on Firefox.
I disagree here. You don't want to allow people to review their own code. That defeats the purpose of a review. No matter if he's a superstar, have someone else look at his code so that he doesn't get sloppy with security practices.
And if you allowed this, then more borderline superstars would want the same privilege.
In scientific publishing, even if you're the editor in chief, your paper gets reviewed by someone else and the whole decision process happens away from your eyes; this is good for science.