Thank you for clarifying, but I am still very skeptical.
I would have no problem with signature verification if, as with apt, users can decide which keys to trust. (And you don't have to download a whole new copy of apt to do it!) But the intent of this announcement seems to be that Mozilla will prevent users from doing that, on the theory that they will make bad choices. Well, some of them will!
But it's far more dangerous to take those choices away from them — that guarantees that they're trusting the wrong company.
I would have no problem with signature verification if, as with apt, users can decide which keys to trust. (And you don't have to download a whole new copy of apt to do it!) But the intent of this announcement seems to be that Mozilla will prevent users from doing that, on the theory that they will make bad choices. Well, some of them will!
But it's far more dangerous to take those choices away from them — that guarantees that they're trusting the wrong company.