Notice to mariners: starting with NoScript version 2.6.6.9 (ATM still a RC) and next version of FlashGot (1.5.5.6, most likely) the packages (XPIs) of my Firefox add-ons won’t be signed anymore.

Almost no other Firefox extension gets signed these days (NoScript and FlashGot had been among the earliest and few for a long time), and AMO being the only authorized repository you can install the add-on from by default, there’s little or no point in keeping the relatively expensive and clunky signature machinery in place.

You probably noticed AMO lags quite a lot behind stable versions. That’s because the editorial staff manually checks every line of code published as “stable” for security issues and known performance problems. Therefore, if you’d like to always run the latest and safest (a good idea for a security tool like NoScript), you may want to switch to the fast lane, i.e. the automatically up-to-date beta channel, by installing 2.6.6.9rc1 now.

6 Responses to “NoScript and FlashGot Unsigned”

  1. #1 AnonymousCoward says:

    So it seems you no longer make the xpi files, with a hash, available on your "getit" download page at noscript.net - or in the version history at AMO.
    This seems to make the only available method of getting the RC version: via an AMO "install" code.
    Is this correct?

  2. #2 Giorgio says:

    The self-hosted XPIs are still there. Just not signed. And if you skip all the security warnings, you can get it either way.

  3. #3 AnonymousCoward says:

    Thanks for the response.
    Unfortunately, your site’s link takes my Fx 22 to only an AMO http install link - where the browser goes into the auto install mode. The only security warning is whether or not to allow the auto install to go ahead.
    I can of course retrieve the xpi file from the cache - but only by truncating the auto install at the countdown allow install dialog, then retrieving the xpi file by using about:cache links.
    Or I can get it from the staging directory - but I have to make sure I don’t actually restart and install it in the working Fx version.
    It’s not exactly straightforward any more.
    What have I missed? Anything in the prefs.js I can change to stop Fx taking over extensions like this?

  4. #4 Thrawn says:

    @Anonymous: You should be able to right-click on the link and Save Target As, instead of clicking on it. Then just open the file using Firefox and it should install.

  5. #5 level says:

    Salon.com somehow ‘allows’ their website automatically when I visit. Thought you would like to know.

  6. #6 Giorgio says:

    @level:
    You may want to check whether you accidentally enabled any of the \automatically allow\ option in NoScript Options>General.
    Anyway, please follow up in the forum, rather than here.

Bad Behavior has blocked 3468 access attempts in the last 7 days.