addons-server
addons-server copied to clipboard
thunderbird
ATN Permissions should show "unrestricted access" for all Mail Experiments.
Describe the problem and steps to reproduce it:
(Please include as many details as possible.)
Issue: Mismatch between permissions shown for add-ons on each add-on's Thunderbird add-on web page, and what is shown during the install process and in the add-on's permissions once installed.
What happened?
4 add-ons from 3 developers which I installed today (3 February 2022), I had the same issue, so I suspect it is a back-end problem. Description:
I find an add-on, then view its web page. On that page, the "Permissions" link (just right of the green "+ Add to Thunderbird" button) lists the add-on's required permission as something specific, reasonable, and limited, such as:
"This add-on can: Display notifications to you" "This add-on can: Access browser tabs" No permissions link (presumably because no permissions are required?)
However, once I click the "+ Add to Thunderbird" button (if viewing the page from inside Thunderbird), the permissions warning popup lists the add-on's permissions as:
"Have full, unrestricted access to Thunderbird, and your computer"
And once the add-on is installed, its Permissions tab also lists its permissions as:
"Have full, unrestricted access to Thunderbird, and your computer"
What did you expect to happen?
I expected that the listed permissions I see for an add-on would be (a) correct, and (b) consistent. An add-on can't BOTH have unrestricted access to my computer AND only need permission to access display notifications, so something is wrong.
Anything else we should know?
(Please include a link to the page, screenshots and any relevant files.)
Add-ons with this problem on 3 February 2022: https://addons.thunderbird.net/en-US/thunderbird/addon/quickfolders-tabbed-folders/ https://addons.thunderbird.net/en-US/thunderbird/addon/tag-toolbar/ https://addons.thunderbird.net/en-US/thunderbird/addon/manually-sort-folders/
All experiments have unlimited access, it's just not noted on the website, because widespread use of experiments is not a thing that Firefox ever supported.
We should fix this on the website, yeah.
Yes, please fix. And ideally include an explanation IN the new text users see describing permissions, e.g. "This plugin was written using an older framework which gave unrestricted permissions. Which permissions the plugin actually uses is up to the developer."
Yes, please fix. And ideally include an explanation IN the new text users see describing permissions, e.g. "This plugin was written using an older framework which gave unrestricted permissions. Which permissions the plugin actually uses is up to the developer."
One important giveaway that this information popup box comes straight from Firefox (where the experimental API platform of course is not supported) can be seen by the fact that it is actually mentioned:
As an Add-on author and reviewer you can see the term "Firefox" coming through in many places and also the Add-on validator still doesn't know the mail specific APIs and flags them as unknown. I think there is a fundamental problem here as the code for generating the Add-ons store is inherited from the Firefox team, and from my conversations with Core there is currently no way to modify it without forking.
There are lots of fundamental problems with ATN, the Firefox team has like 10-15 people dedicated to Add-ons and we have roughly 1+a fraction. It's lucky that ATN even exists at all, there was a strong argument to not even try, and instead just have a static site with links to XPIs in a repository.
Things will get better as we hire more team members.