just tried to sign an addon for firefox (self-hosted, for internal distribution) via command line (instead of going through AMO website) which went entirely as expected:
- you obviously need to kiss the ring first and obtain your blessed api keys from Mozilla, there’s no way to have your own certificate, not approved from the friendly corporate mothership
- signing from command line (i.e. from a Makefile) is done through a special utility you get from npm
the catch is that signing uploads your code to AMO for “validation” and there’s no way around it, at all.
you literally can’t sign a firefox extension without uploading it to Mozilla to keep forever and do whatever else they might possibly want with it, as signing is actually done server-side.
it also helpfully creates an entry for your extension on the AMO website. given general incompetence of Mozilla fuckwits (remember how they did an oopsie with a certificate and broke all extensions?) i can easily imagine those entries suddenly becoming visible.
i’m not even going to mention how this procedure is hilariously unfit for any private project, that much should be obvious.
now let’s compare all this overwhelming privacy, freedom, and openness to the oppressive tyranny of Google. to do the same exact thing for Chrome (and pretty much any other fork of it) you do the following:
- you package the extension into crx3, the utility to do that generates a self-signed certificate if needed
- you distribute resulting signed extension via group policy on any chrome-based browser. you don’t need to share anything to Google or whatever other third party. it just fucking works. including stuff like transparent cloud storage syncing.
fuck Mozilla and every lying, hypocritical word of their corporate feel-good fucking manifesto with a fucking tractor up their fucking collective politics-obsessed asshole.
thanks for reading 
p.s. i assumed - when i was deleting my firefox and AMO developer accounts about a year ago - that all my data was to be deleted. interestingly enough, when i re-registered with the same email address, all the stuff was helpfully there, waiting for me or anyone else who had access to this email. amazing.