> And this is the kind of thinking I'm talking about.

The kind of thinking that says "security-sensitive software with no active maintenance and regular updates is a security hole waiting to happen"?

Letting users install and run unmaintained software is dangerous. They'll get exploited. (And they'll blame the browser for that, and rightfully so.)

You can still do what you want; it's entirely possible to install local untrusted addons. You just have to poke some settings that are intentionally hidden from most end users, to make it somewhat more likely that users doing so understand the implications. And similarly, you can make your addon available to others willing to go through the same steps. They'll balk at doing so, and rightfully so.

> it's entirely possible to install local untrusted addons. You just have to poke some settings that are intentionally hidden from most end users

It's possible to install unsigned addons in ESR, developer and unbranded builds of Firefox. It's no longer possible to install them in the regular release or beta versions. The hidden setting was disabled in Firefox 48.

I don't get this. I mean, it's ok to have an option to install untrusted code off by default. It's even OK to bury it somewhere in "advanced settings". But after that, I think you're done your due diligence in protecting me from myself, and anything beyond that is impeding, not protecting.

>Letting users install and run unmaintained software is dangerous.

Which is... exactly what Windows and Linux still do, rightly.

>And they'll blame the browser for that, and rightfully so.

Not at all rightfully so. Moreover the supposed security gain from this is absurd. So a user can't accidentally install a malicious extension... but they can install malicious software. Which, being that it has full access to the system, could patch Firefox if it liked to disable the signing check.

I won't use a browser which implements restrictive code signing practices.