How To Find Out Which Add-Ons Are Signed Or Not?
I am trying to find out which add-ons are signed/verified by Mozilla and which are not. Some say that the word "signed" in the add-on title on the add-ons page in FF 39 means this extension is approved by Mozilla... Is that right?
As seen in the partial screenshot of my add-on page.
Thanks.
All Replies (6)
According to a wiki entry, for extensions hosted on the Add-ons site, "All new versions will be signed automatically after they pass review." So what you see with the regular install button should be signed. I don't know about the ones that are preliminarily reviewed. https://wiki.mozilla.org/Addons/Extension_Signing
For extensions you might install from other sites, hmm, it's obviously not automatic there.
In another thread, it was mentioned that you could inspect the interior of the XPI file for a folder to confirm that it was signed, but that is not a very convenient method, and perhaps could be faked since human brains can't mathematically verify the validity of the files in the folder.
If you don't get a quick answer here, there is a forum staffed by Add-ons site experts that would be a good place to ask: https://discourse.mozilla-community.org/c/add-ons
I should add that the extension review process doesn't guarantee that an extension will be trouble-free or never cause data loss. The review process is at a point in time and later changes in Firefox may break the extension. The review also would not be able to consider conflicts with extensions from all other sources. Extensions that integrate into specific websites (e.g., Youtube) can break when the site changes.
For a detailed explanation of what is checked in the review, see: https://developer.mozilla.org/Add-ons/AMO/Policy/Reviews
Hi, the add-on's name/version number doesn't give any indication of whether it's signed or not. Starting with Firefox 40, which is going to be released next week, unsigned add-ons will be clearly labelled as such in the Add-ons Manager.
-signed was added to most add-ons a few weeks ago - "en masse". Any add-on that was updated after that "en masse" signing won't have "-signed" any longer. With 30 extensions installed I am seeing that "-signed" disappear one at a time as some of my extensions get updated, every few days or so.
I have read that when Firefox 40 is released next week a warning message will appear just above each extension stating that it isn't "signed". In Firefox 41 extensions that aren't "signed" will be disabled, but the user will have a hidden pref available to "override" it - not sure if that is for those already installed or to allow installation. In Firefox 42 the "override" will be gone - any not "signed" extensions will be gone.
Currently the XPI file the extension comes packaged in needs to be opened to visually inspect an internal file for the "signing" code.
OK. I only got to know of the subject as I read an article about it on the GHacks site.
So starting from FF 40 we can see much better if an add-on is signed or not. At the moment this is not so clear, as the signed label which appears on some of my extensions on the add-on page of FF39 disappears over time.
Well at least it is a bit clearer to me. Thanks so much gents.
http://www.ghacks.net/2015/08/04/fix-for-installing-unsigned-add-ons-in-firefox-dev-and-nightly/ is about the Alpha level DE & Nightly versions which will have a "feature" which will be unavailable for the Beta and Release versions of Firefox. Namely a preference to allow each Nightly or DE user to disable the "signing" feature to allow a developer to "test" an add-on that they might be developing without constantly getting it signed by Mozilla before trying to install and use the extension.
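The XPI inspection mentioned in the replies above, as an added Python example that is not part of the original thread: it checks whether the signing files are present and whether the manifest digests match the packaged files, not the signature itself. It assumes the JAR-style layout (META-INF/manifest.mf, mozilla.sf, mozilla.rsa), which the thread does not name; the function names and the sample archive are constructed here.

```python
import base64, hashlib, io, zipfile

# Assumed layout (not named in the thread): JAR-style signing files in META-INF/.
SIG_FILES = ("META-INF/manifest.mf", "META-INF/mozilla.sf", "META-INF/mozilla.rsa")
ALGOS = {"SHA256-Digest": "sha256", "SHA1-Digest": "sha1"}

def b64_digest(algo, data):
    return base64.b64encode(hashlib.new(algo, data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: {header: value}} from a JAR-style manifest."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = {}
    for section in text.split("\n\n"):
        fields = dict(l.split(": ", 1) for l in section.split("\n") if ": " in l)
        if "Name" in fields:
            entries[fields.pop("Name")] = fields
    return entries

def inspect_xpi(data):
    """Report which signing files exist and whether manifest digests match."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        report = {"signing_files": [n for n in SIG_FILES if n in names],
                  "mismatched": [], "unlisted": []}
        if SIG_FILES[0] not in names:
            return report  # no manifest: nothing to compare against
        listed = parse_manifest(z.read(SIG_FILES[0]).decode("utf-8", "replace"))
        for name in sorted(n for n in names - set(SIG_FILES) if not n.endswith("/")):
            digests = {h: v for h, v in listed.get(name, {}).items() if h in ALGOS}
            if not digests:
                report["unlisted"].append(name)  # file the manifest does not cover
            elif any(b64_digest(ALGOS[h], z.read(name)) != v.strip()
                     for h, v in digests.items()):
                report["mismatched"].append(name)  # content changed after listing
        return report

def build_sample(tamper=False):
    """Constructed XPI; the .sf/.rsa contents are placeholders, not signatures."""
    body = b"console.log('hi');"
    manifest = ("Manifest-Version: 1.0\n\nName: content.js\n"
                f"SHA256-Digest: {b64_digest('sha256', body)}\n\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("content.js", body + (b"//edited" if tamper else b""))
        z.writestr(SIG_FILES[0], manifest)
        for name in SIG_FILES[1:]:
            z.writestr(name, "placeholder")
    return buf.getvalue()
```

A clean report for the constructed sample, whose signature files are only placeholders, shows why this kind of inspection cannot stand in for the cryptographic verification Firefox performs.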