> 4. Keep supporting self-distributed extensions with developer managed signing keys and update URLs.
Mozilla followed the big corps in the 'store' model, instead of keeping it open free-form. We might have a viable developer certification trust system by now, but with that too, only the corps have enforced signing systems (that are closed and fragmented.)
> We might have a viable developer certification trust system by now
Don't we already have that system, in the form of distributions? More specifically, I'm thinking of something like Ubuntu's PPA system, where each developer publishes their packages with their own signing key.
Mozilla followed the big corps in the 'store' model, instead of keeping it open free-form. We might have a viable developer certification trust system by now, but with that too, only the corps have enforced signing systems (that are closed and fragmented.)