Hacker News new | past | comments | ask | show | jobs | submit login

Firefox is open source. AFAIK you could always run a fork with your preferred behaviors. Same applies to speculative execution mitigations in Linux.



And so is, for example, Android. But due to some (shady) tactics, a successful fork of either is impossible for a small group. Saying to a hungry kid in a favela "you are free to get rich" is technically correct, but ignores practicalities.

You could argue that Mozilla is either a shepherd (making best decisions for most users and that's it; take it or leave it) or a partner (listen to users and try to implement features they want) but you cannot eat your cake and have it too.


What makes it nearly impossible to fork Firefox? Mozilla already distributes an unbranded "fork" that allows unigned extensions. It's just a build flag away. What potentially shady tactics am I missing?


What, specifically, is the feature you think Firefox is removing the option to have, that you think people want?

I suspect that if we drill down to this point, you'll find the feature is still available with a trivial amount of work, or on the outside case it's the more specific thing they actually talked about, it's not a trivial amount of work, but it's just not automated for enterprise installs anymore.

So, what's this feature you're referring to?


Manually installing extensions from an XPI file.

I also think the discussion moved to a more generic "safe default with options for users to change" vs "choices hard-coded based on perceived safety for general users".


> Manually installing extensions from an XPI file.

Everything I see indicates that is still supported. Especially if you read the comments to the post. XPI files seem to be supported, what they removed was the ability have an executable installer install them automatically.

The change, which seems to have been communicated poorly, seems to be that some actions within Firefox need to take place (allowing the user to opt-in to the extension) before it will be used by Firefox.

This comment[1] from Caitlin Neiman, who I just looked up on Google and appears to be the Firefox Addons Community Manager, states:

Developers will still be able to self-distribute, and you will still be able to install extensions from self-distributed (non-AMO) sources.

Going forward, developers won’t be able to distribute an extension through an executable application installer.

> I also think the discussion moved to a more generic "safe default with options for users to change" vs "choices hard-coded based on perceived safety for general users".

I'm pretty sure what they did is not hard coding choices. There are multiple ways to get an extension locally, the hardest of which but still works no matter what is installing the developer version and using source (XPI files can be unpacked).

What they actually did was lock down one method of installation which is almost never used by users and is used by orgs and malware, which is to drop extension into the plugin folder with the extension name as the folder name and have it automatically added to Firefox. Now they require you add it through the Firefox browser interface so the user has to opt-in to the extension.

1: https://blog.mozilla.org/addons/2019/10/31/firefox-to-discon...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: