(In reply to Shane Caraveo (:mixedpuppy) from comment #12) > I've talked through this again with Luca. We will add a new permission, "privilegedAddon". In firefox this will essentially do nothing. The pipeline will need to enforce that all new signing requires this permission. Then AMO can also require it, and fail if any other privileged permission exists without it. We can't we gate privileged features on that permission in Firefox? The downside of it doing nothing is that the add-on will work just fine in Firefox during development without it, so they don't know they need to add it. Then, they'll either submit to AMO which will accept and sign it, only for end-users to notice it's broken, or they will realize it needs to go through shipit, at which point shipit will deny the submission because the permission is missing. This sounds like a bad experience to me in either case.
Bug 1739114 Comment 14 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Shane Caraveo (:mixedpuppy) from comment #12) > I've talked through this again with Luca. We will add a new permission, "privilegedAddon". In firefox this will essentially do nothing. The pipeline will need to enforce that all new signing requires this permission. Then AMO can also require it, and fail if any other privileged permission exists without it. Why can't we gate privileged features on that permission in Firefox? The downside of it doing nothing is that the add-on will work just fine in Firefox during development without it, so they don't know they need to add it. Then, they'll either submit to AMO which will accept and sign it, only for end-users to notice it's broken, or they will realize it needs to go through shipit, at which point shipit will deny the submission because the permission is missing. This sounds like a bad experience to me in either case.