Add-ons/InternalSigning: Difference between revisions
(Created page with "The document on Add-ons in Firefox 57 outlines a series of extensions called "Signed by Mozilla internally". These are add-ons that are signed using a i...") |
|||
| Line 20: | Line 20: | ||
* Conform to Mozilla security, privacy and data collection policies. | * Conform to Mozilla security, privacy and data collection policies. | ||
* If the add-on is not a WebExtension, or has non-WebExtension parts it must: | * If the add-on is not a WebExtension, or has non-WebExtension parts it must: | ||
** Use APIs that '''will not''' be implemented in WebExtensions or | ** Use APIs that '''will not''' be implemented in WebExtensions or have a roadmap to implementing the WebExtensions APIs. | ||
** And understanding that regressions, bugs and issues will occur regularly. These are outside of WebExtensions are not the add-ons team responsibility. | ** And understanding that regressions, bugs and issues will occur regularly. These are outside of WebExtensions are not the add-ons team responsibility. | ||
If any of those conditions change (for example the project is disbanded) then signing access will be withdrawn. | If any of those conditions change (for example the project is disbanded) then signing access will be withdrawn. | ||
If you'd like to request this for your add-on, then please contact [[ | If you'd like to request this for your add-on, then please contact [[Add-ons#Who|Andy McKay or Kev Needham]]. | ||
Revision as of 20:19, 15 May 2017
The document on Add-ons in Firefox 57 outlines a series of extensions called "Signed by Mozilla internally".
These are add-ons that are signed using a internal signing infrastructure to Mozilla. The signing infrastructure is not available to anyone other than Mozilla employees. Remaining documentation on how to sign add-ons and who to ask for permission are covered on Mana (page to be built).
What's this for
The primary use case for system add-ons. These are add-ons that aren't really add-ons, they are part of the Firefox infrastructure for delivering features to user without having to land in Firefox and ride the trains. These have been signed internally using a special key since they were created.
This is also used for Firefox features or experiments that want to distinguish themselves from other add-ons in some way. It's planning on being used by the following programs within Mozilla: Test Pilot, Dev Tools, Release Engineering and Shield Studies.
Can I get access to this?
Don't be upset, but the default answer is no. To pretty much everyone.
We are setting the bar high for this signing. If an add-on is going to be signed this way then it must conform to a few requirements:
- Have a clear and important value to Mozilla and it's mission.
- Supported and maintained by a known team within Mozilla.
- Regressions, bugs and issues are the responsiblity of the add-on author.
- Conform to Mozilla security, privacy and data collection policies.
- If the add-on is not a WebExtension, or has non-WebExtension parts it must:
- Use APIs that will not be implemented in WebExtensions or have a roadmap to implementing the WebExtensions APIs.
- And understanding that regressions, bugs and issues will occur regularly. These are outside of WebExtensions are not the add-ons team responsibility.
If any of those conditions change (for example the project is disbanded) then signing access will be withdrawn.
If you'd like to request this for your add-on, then please contact Andy McKay or Kev Needham.