Trac issues
https://gitlab.torproject.org/legacy/trac/-/issues
2020-06-16T01:03:19Z

https://gitlab.torproject.org/legacy/trac/-/issues/30413
Notification Bar to warn about xpinstall.signatures.required set to false
2020-06-16T01:03:19Z
Trac

Please warn with a notification bar if xpinstall.signatures.required is set to false.
This setting was recommended by the blog for users affected by #30388. Such users are somewhat likely to forget to toggle it back to true, which could be a potential attack vector.
Quoted from comment 43 there:
> > Since the blog asked people to "Please remember to" re-enable security, and that's the kind of thing which is the bane of security when it comes to ordinary users, can a subsequent release please force this back to 'false' and alert the user if the flip is made?
> >
> > It's better to have people need to toggle it again than to leave people unintentionally unguarded. I realize both options are sub-optimal, but "fail safe" is better than "fail dangerous". Without such a change, it's very likely that some users will go on forever set to not validate addons - the typical user pattern is "fix it and forget it".
>
> Replying to flowerpt:
>
> I don't think we can do that as our decisions don't overwrite user prefs. We could think about showing a notification bar, though, reminding the users of that problem and allow them to flip the pref back easily that way.
**Trac**:
**Username**: flowerpt