[Mozilla Enterprise] Mozilla To Stop Supporting Sideloaded Extensions In Firefox
James M. Pulver
jmp242 at cornell.edu
Mon Nov 4 19:00:08 UTC 2019
I'm guessing if you're deploying policies as policies.json you probably
can template it in your configuration management tool. I find this is
where erb templates shine in puppet for instance.
--
James Pulver
CLASSE Computer Group
Cornell University
On 11/4/19 6:30 AM, Marco Gaiarin wrote:
> Mandi! Mike Kaply
> In chel di` si favelave...
>
>> The thing that is going away is the concept of sideloading where you put
>> extensions in a central location and they get loaded into Firefox and the user
>> can't remove them (they can only disable them).
>> You will still be able to put extensions into distribution/extensions because
>> they simply get installed into Firefox as normal extensions.
>
> Things get newer, anche change. It is normal.
>
>
> But still i'm lost trying to understand *why* of that change. Looking
> at:
> https://blog.mozilla.org/addons/2019/10/31/firefox-to-discontinue-sideloaded-extensions/
>
> seems to me that the trouble came from the fact that some 'threat' have
> hijacked 'sideloading' to have their extensions loaded and locked.
>
> This mean to me that the 'threat' had to be executed as 'administrator'
> (to copy extension in 'extensions' and to put some 'js' files in
> 'defaults\preferences', to use Autoconfig to prevent extension
> disabling or uninstallation.
>
> But if users have administrator right on the local machine, can also hijack
> the new 'policy' settings, probably doing nastier things!
>
> So, really i don't understand the benefit of new 'policy' method of
> installing extensions versus the 'sideloading+Autoconfig' old one.
>
>
> Still i prefere sideloading (why duplicate all extensions for all
> users, when i can install only one time?), but if we have to change,
> what are really the benefit?
> If is only a 'preferences mess cleanup', why not simply add a policy
> 'SideloadExtensions = true'?
>
>
> Also, if we have to switch to policy, please have the distribution/policies.json
> to be non-monolithic: have a single file is a bit rigid nowadays, where
> modern configuration files work on split-files.
>
> Eg, make the parser load not only 'distribution/policies.json' but also
> (for examples) 'distribution/policies/*.json' with 'policy snippets'.
>
> Thanks.
>
More information about the Enterprise
mailing list