Notification Bar to warn about xpinstall.signatures.required set to false
Please warn with a notification bar if xpinstall.signatures.required is set to false.
This setting was recommended by the blog for users affected by #30388 (moved) . Such users are somewhat likely to forget to toggle it back to true, which could be a potential attack vector.
Quoted from comment 43 there:
Since the blog asked people to "Please remember to" re-enable security, and that's the kind of thing which is the bane of security when it comes to ordinary users, can a subsequent release please force this back to 'false' and alert the user if the flip is made?
It's better to have people need to toggle it again than to leave people unintentionally unguarded. I realize both options are sub-optimal, but "fail safe" is better than "fail dangerous". Without such a change, it's very likely that some users will go on forever set to not validate addons - the typical user pattern is "fix it and forget it".
Replying to flowerpt:
I don't think we can do that as our decisions don't overwrite user prefs. We could think about showing a notification bar, though, reminding the users of that problem and allow them to flip the pref back easily that way.
Trac:
Username: flowerpt