maxurl icon indicating copy to clipboard operation
maxurl copied to clipboard

Published 20 hours ago verified publisher icon qsniyg

Please do GH releases for the userscript

Open Hlsgs opened this issue 2 years ago • 13 comments

As the title says, can you please do releases for the userscript so we may get notified and update it manually?

Hlsgs avatar Jun 29 '22 12:06 Hlsgs

I've been using Github File Watcher to send me email notifications whenever userscript.user.js changes. It works great.

https://app.github-file-watcher.com

Repository: qsniyg/maxurl File to watch: userscript.user.js

GTR8000 avatar Jun 29 '22 20:06 GTR8000

I've been using Github File Watcher to send me email notifications whenever userscript.user.js changes. It works great.

https://app.github-file-watcher.com

Repository: qsniyg/maxurl File to watch: userscript.user.js

That's interesting, thank you! However, a release implies (much) more than some changes to the file, as you are probably well aware :)

That beeing said, this is obviously just a personal preference of mine, so thank you for your work @qsniyg, regardless of whether you can or cannot be bothered with this.

Hlsgs avatar Jun 29 '22 21:06 Hlsgs

@Hlsgs I've been hesitant to create a new release for a while for a number of reasons. I'm deliberating on just releasing nightly-style releases instead. The main blocker here is the FF addon, which is a rather large deal as the extension is very difficult to install and use when sideloading, e.g. #1044 (unless you're using a build of FF that allows unsigned addons)

However, a release implies (much) more than some changes to the file

For the userscript, the only relevant file is userscript.user.js, so I think @GTR8000's solution should work properly in this case :)

qsniyg avatar Jun 29 '22 21:06 qsniyg

For the userscript, the only relevant file is userscript.user.js, so I think @GTR8000's solution should work properly in this case :)

Indeed, but are you only pushing changes to that file when you feel confident that they are ready for widespread use? No "work in progress" type stuff?

The main blocker here is the FF addon, which is a rather large deal as the extension is very difficult to install and use when sideloading

Have they blocked your extension from their "store"? Why?

Hlsgs avatar Jun 29 '22 21:06 Hlsgs

Indeed, but are you only pushing changes to that file when you feel confident that they are ready for widespread use? No "work in progress" type stuff?

Usually the only iffy code I push are those related to Instagram, as I cannot test them. However, for anything risky, I give builds to users individually to test before pushing them to git. That's not to say it's completely stable of course, but it's usually been more stable than the released versions (due to bugfixes, rule updates, etc.).

Have they blocked your extension from their "store"? Why?

They continually increase their extension monitoring, which has caused the addon to get removed a few times in the past, as it didn't completely conform to their policies.

For example, the userscript uses 3rd-party libraries, which are patched for a number of reasons (generally to avoid side-effects and allow it to be loaded into the userscript). Though the patching process is open and described in the README given to AMO, it still fell under "distributing tampered 3rd-party libraries", so I had to move the patching process from build-time to run-time for the AMO build (which satisfied them).

I don't mind implementing these kinds of changes in theory (as long as it doesn't require crippling the addon in some way), but unfortunately I have very little time to maintain this addon nowadays. Additionally, they disable all previous versions of the addon until the required changes are made (disabling the addon for all users who already have it installed), adding time pressure for a potentially complicated change. The addon only gets checked whenever I release an update, so I'm a little hesitant to do so nowadays.

I'm not exactly blaming Mozilla in this instance, as I understand that they want to keep their store safe (and malicious addons are a serious risk). This addon is also quite unusual in the way that it's built, so they cannot run the same automatic linting process as they would for other addons if they want to properly inspect it. However, I do wish there was some way that they would allow users to install unsigned addons. I really don't like that Mozilla has complete control over which addons you can install, and can even remotely disable those that you already have installed... and there's no way for users to change this behavior in any way.

qsniyg avatar Jun 29 '22 22:06 qsniyg

You can install unsigned addons by using editions of Firefox: developer, nightly, and unbranded. Just set in about:config xpinstall.signatures.required to false. That is how I have been using and updating your extension (by replacing userscript.user.js file in xpi file which i normally download using git pull), but now even that is useless, because Instagram does not work. I will start using userscript instead of extension now.

nijazm avatar Jun 30 '22 17:06 nijazm

@qsniyg Maybe just make it a python program instead on PyPi, and people could just paste an image url into it, and then the program provides back the max url for that image. It wouldn't be in the browser but, at least the project could continue.

Jimmy03 avatar Jul 20 '22 23:07 Jimmy03

@Jimmy03 You can actually already use it on the command line via node.js :) For now it just outputs the object as JSON, but later I'll make it more user friendly.

qsniyg avatar Jul 20 '22 23:07 qsniyg

@qsniyg Cool, I've never used node.js much, but I think PyPi could be the most portable and universal way of doing it, I often run useful programs in a Pycharm virtual environment or on Colab.

Jimmy03 avatar Jul 20 '22 23:07 Jimmy03

Additionally, they disable all previous versions of the addon until the required changes are made (disabling the addon for all users who already have it installed),

As far as I'm aware, that's not supposed to happen. Review rejection isn't supposed to impact users. The only time it would is they think the extension is deliberately malicious or if the identified issues are particularly egregious. At least, that's what the policy states.

https://extensionworkshop.com/documentation/publish/what-does-review-rejection-mean-to-users/

LoneFenris avatar Jul 30 '22 23:07 LoneFenris

@LoneFenris I'd have to check again which problem caused this, but they did at one point disable all earlier versions. IIRC it had to do with the patched 3rd party libraries.

qsniyg avatar Jul 31 '22 05:07 qsniyg

Are you certain the versions were disabled for users and not just retroactively rejected? The policy allows for the retroactive rejection of previous versions if they share the issues that the latest one failed for, which may result in the AMO listing for the addon disappearing. That is not supposed to cause existing installations to be disabled, though (whether previous or current). That requires the extension to be added to the blacklist, which Mozilla's policy states they only do if they believe it to be deliberately malicious, if the author is completely unresponsive to a failed review, or if the identified issues negatively impact the security or experience of the browser as a whole.

LoneFenris avatar Jul 31 '22 19:07 LoneFenris

@LoneFenris Ah, that I don't know. I'd have to check the discord logs again to see if people were complaining about not being able to use the addon.

qsniyg avatar Aug 01 '22 05:08 qsniyg