
> Use Firefox.

Firefox has similar restrictions... you have to side load through Developer Options. If you’re not a developer, you will be questioning why you’re doing this and the less-technically inclined will simply never do it (like my wife).

And it is not entirely nefarious as you suggest. It limits the damage that sideloaded extensions did in roughly 2010 and earlier. The WebExtension API was another assault on extensions. These days, Chrome and Firefox have essentially closed a huge attack vector even though extensions are a shadow of their former selves. I was a skeptic for a long time (why should power users pay for the faults of everyone else?) but no more. Kudos.




Kudos?

Availability is part of security, and the most secure system is disconnected from the internet and powered off. Why are we cheering our software becoming less useful in the name of safety? The switch to WebExtensions was a monstrous loss of functionality!


Chrome sideloads extensions through a similarly obscure menu - My main quarrel is the prompt where the default option is to uninstall that appears on every launch. Firefox doesn't have that.

Firefox also permits self-hosting extensions signed through their store, providing more freedom for extension developers.


yeah i kind of hate it but i can't really blame them for doing it, since before they did that, if you installed software from questionable sources like, say, java from the oracle website, it would bundle an ask toolbar with it. and this was so common


> you have to side load through Developer Options

I'm not sure what screen "Developer Options" is referring to, but you can load add-ons directly from your hard drive with no fuss from the Add-ons page (though you must be running the Nightly or Developer version of Firefox). Click the gear icon right above your list of installed add-ons (this is also the menu that lets you disable auto-updates).


So you have to use an experimental version of Firefox. These nightly versions are less tested and can be a serious downgrade from any stable browser.

That's hardly what "Use Firefox" implied.


I can see why you'd think that but in practice I assure you that your concern is unwarranted. I've been using Nightly Firefox exclusively for almost ten years and I honestly can't remember it ever crashing (excluding the times when I was manually futzing with experimental about:config flags back in the electrolysis days).

As for the developer edition, it's literally the version that they expect web developers to use; it's not half-baked software by any means.


"Stable" doesn't necessarily mean that it is secure, from an end-user perspective.


Do you have any stories or articles that corroborate that nightly is less secure?


You can use unbranded builds which are pretty much identical to the stable releases but let you use unsigned extensions.

https://wiki.mozilla.org/Add-ons/Extension_Signing#Unbranded...


The Developer Edition is not a nightly build, it’s a beta build, so there has been some testing (Before I switched to stable, I only once had an issue). Your point stands though.


Installing extensions from a file is supported in the latest mainline FF (84.0.2), nightly or dev are not required. I currently have one installed. It just shows a confirmation dialog and then installs it.


This is true but misleading: the extension you install from file has to be signed by Mozilla in exactly the same way that extensions on the store are signed.


You can remove the signature requirement on stable by setting `xpinstall.signatures.required` to `false` in your user.js / about:config

(I wrote most of the extensions I installed for my own bespoke use, built locally as zip files and installed via "Install Add-on From File...", and I don't have a problem trusting myself.)


I don't think this is true for the official Mozilla builds (except for Nightly, Beta and unbranded). It's possible that your distro has a custom build that allows the setting. Arch builds Firefox with `--allow-addon-sideload` which could be the culprit.


Ah indeed. My distro also builds with `--allow-addon-sideload`


No promises that that's actually the right flag. I had a rummage around searchfox and it looks like that just enables extensions that have been placed in special directories (whether they must be signed or not is a different flag). There clearly is a setting somewhere though as the unbranded builds exist...


Signed XPIs are valid for eternity*, and you can just re-sign it for free if you really care about it.

* Unless it was explicitly revoked (updates do not revoke the signature) or Mozilla broke something that affects everything.



