what’s wrong with http://addons.mozilla.org
Posted by rene on 24 Sep 2011 at 11:56 pm | Tagged as: Hacking, virtual id
(or why I removed my extension from mozillas addons site)
In 2004 I decided to play with the addon possibilities of Thunderbird. I started to write the “virtual identity extension” and immediately published version 0.1. From version 0.2.1 on, which was published in November 2004, virtual identity was available on mozilla.org.
From 2004 up to 2011 I continued developing this extension, and always tried to get this extension published on addons.mozilla.org. Users of the mozilla mail programs Thunderbird and Seamonkey had therefore been able to find my extension just by the included search features or the main addon sites. Over the years I got around 4000(?) permanent(?) users of this extension worldwide, and publishing at the official mozilla site was one reason for getting people pointed to my work.
But over the years there had been more and more restrictions at addons.mozilla.org, and finally I decided in August 2011 that I will stop my cooperation with addons.mozilla.org by removing all my releases from their site. There are a lot of reasons, and I got asked to declare them in more detail…
- My software started as a hack to fulfill some personal requirements. The virtual identity extension is still a hack, everybody who has a look in the code will sign this.
Because it’s no bug-free software, my typical release-cycle is the following: I will add some features or changes for compatibility with new Thunderbird/Seamonkey releases, and publish the resulting version. Once I publish some new version, I often get a bunch of bug-reports which I can easily fix with small code-changes, and rapidly some follow-up-versions will be released.
The problem is, that addons.mozilla.org requires a code-review of my extension before it gets published. Even if my addon fulfills all the requirements of this review, it will take time (and manpower) to get this done. Therefore it might take a week or two before any bugfix can be released.
That’s why I published my extension parallel on my own website. There I was able to fix bugs immediately, which made the development process seen from addons.mozilla.orgs site only worse. If I uploaded another version to addons.mozilla.org while some previous version was still in their review process, I just moved my extension again at the end of the waiting-cue for a review. If I did not uploaded it to mozilla.org, the reviewer told me that it makes no sense to review some old version (he saw the new version at my own site), right…
However, addons.mozilla.org was mostly to slow to get my bugfixes released in short time. And it’s a pity not being able to publish a bugfix immediately, seeing people downloading a broken version and getting reports about already fixed bugs. - The review process got more restricted with the time and now includes some more tests to improve the standards of the extensions at addons.mozilla.org. Which sounds good at the first place, just turned out to be the showstopper for me.
After a year of quietness I continued to develop virtual identity more intense in this summer. While releasing the software at addons.mozilla.org, I got told that I should take care about some namespace pollution, which happened with my extension.
The coding-requirements to fulfill the mozilla-standards had been changed since last year, and therefore I decided to write a new version of the extension for up-to-date Thunderbird and Seamonkey releases which takes care on the critizised issues. Mayor code-changes had been required and I expected the new release to require a while till it would be as stable as the old one.
I decided to do the work on a new brunch and started with the 0.8-line of virtual identity. But I was not able to release this work and publish the changes step-by-step, because they had been required all together to fulfill the improved coding-standards of addons.mozilla.org.
And the old version 0.7 was still around for users with older Thunderbird and Seamonkey versions, and even if it was stable, there had been small bugfixes and feature implementations since than. But I was prevented from addons.mozilla.org to publish these fixes and changes at their site – because of the required overall code-changes.
That’s enough. It’s me who is doing the programming work, therefore it should be me who is the one who decides if there should be an update for one of my releases or not. I like to decide what to release and when [1]. mozilla.org might give me some credits on how useful my software is or not, but I never will give them or anybody else more power then myself over the release process of my work again.
[1] even the release time can be a problem. I remember this one time, when addons.mozilla.org just finished the review at the beginning of my holiday. No Internet for me, no support for the users – I would have used a better timing on my own.
Thanks for publishing this –and thanks for a nice extension that I hope I’ll have again soon.
I know software development if plenty of bureaucratic issues that sometimes get people upset. However, as a user, I must also say I’m quite happy with those TB revisions, as they may prevent malicious or unfit code from being distributed.
I would recommend to only upload stable versions for the current TB release. Involved users can download testing versions from here: since they are involved, they probably don’t need Mozilla’s revision. Normal users as well as reviewers can enjoy a more peaceful and better paced activity.
I totally agree except for one point:
you wrote that you publish a new version, expect lots of bug reports and fix them with a new version afterwards.
That’s ok as long as you first flag a new version as a beta and when there are no new bug reports for some time release the final.
Without the beta phase one could never be sure if the extension is melting the earth’s core because it’s completely untested.
Hi,
I got your points, and checking the release history at https://www.absorb.it/virtual-id/wiki/HistoryPage will show you that there had been pre-releases after every big code-change. But even half-year-old pre-releases from my own site turned out to have small problems for some users when published finally at mozilla.org – the variety of mail-client-version- / user-platform- / user-themes- / parallel-extensions- / -conflicts is too big for me to get tested.
So there is no real stable version before it is released, sorry, thats the real world. And the only way to handle this situation for me is a faster and self-controlled bugfix/upgrade process – and this way my sofware is probably to bad to get published at addons.mozilla.org.
Thunderbird itself changed into few different versions to handle the different expectations of their users. Those who like stable software use 5.x, those who like it cutting edge use 8.x. If ‚they‘ can’t decide which is the right version for their users, how should I decide if the old stable or the new stable is the one to publish? AMO does not give me the chance to publish both versions and let the user decide which way he/she wan’ts to live.
Finally I don’t blame mozilla.org for there review policy, and this might be ok for small extensions with a small volume of code. But virtual Identity is way to big to accept a blockage of all release-updates till some code-changes are done.
Regards, Rene
I maintain the Send Later 3 Thunderbird add-on, which has been downloaded over 64,000 times and has over 15,000 active users.
If you want to do fast pre-release versions of your software and get many people to test them, then you should be using the beta channel on addons.mozilla.org (AMO). See https://addons.mozilla.org/en-US/developers/docs/policies/maintenance, where the use of the beta channel is fully documented.
You can ask users who are willing to ride the bleeding edge to use the beta channel by (a) documenting it in your user guide and (b) mentioning it to people who email you about your add-on. In particular, when someone reports a bug to you, you can fix it in a new beta release and let them know that the fix is available in that beta release for them to download, as long as you also make sure to explain to them that once they download a beta release, they will continue to get new beta releases automatically as they come out. Over time you will build up a reasonably sized beta-tester community who will report bugs to you and ensure that the add-on is stable before you push a release to everyone. For this to work properly, the release that you submit for general consumption should be identical, aside from trivial changes, to the most recent beta release.
I don’t know how it worked in the past, but I’m under the impression that with the current AMO, if you submit a new release while the prior one was awaiting review, you get to keep your place in line.
The coding standards that the Mozilla community is enforcing on add-ons are reasonable and necessary. If these standards are not enforced, then serious security and/or incompatibility issues can arise. I don’t always agree with the standards — I myself had an argument with the AMO editors about a change they demanded that I make to one of my add-ons that I felt was both unnecessary and inappropriate — but I understand that there is a need for standards and that just because I don’t always agree with them doesn’t mean that I should throw in the towel.
These standards do take time to enforce, which is why there can be a delay between when you submit a new version for review and when the editors are able to review it. If that delay bothers you, then frankly, rather than throwing a petulant tantrum and withdrawing your add-on from AMO, you could volunteer to be an editor and review other developers‘ add-ons to shrink the delay for yours. As far as I personally am concerned, the delay is just a fact of life to be coped with.
There’s nothing wrong with publishing your add-on both on your own web site and on AMO. It doesn’t have to be an either/or.
Note that once your add-on is fully reviewed, users can download the newest version from either your web site or AMO, even if that new version hasn’t been fully reviewed; they just need to know to visit the „all versions“ page on AMO to find it there. If the changes in your new version are important enough, then people will go to the trouble to find them. If not, then it’s really no big deal for them to have to wait a few weeks until the new version is fully reviewed.
It is always bad for the community to lose a useful add-on or a contributing add-on developer. I’m sorry you find the AMO process and standards burdensome, but I hope you’ll reconsider your decision.
Hi Jonathan,
thanks for your extensive comment – all these instant reactions let me think about my decision… but…
The process with publishing beta/pre-releases seems interesting. This is exactly what I did with the users currently reporting a problem. I released a bugfixed version on my own site and told them that they are able to test it – with the problem that they will get all the betas from my site till there is any stable release again. But if I like to release some fix on AMO, it has to fulfill the coding standards, and I won’t change the old version that much anymore.
Full ack.
But what should I do if all my versions currently not accepted because of the improved coding standards?
Yes, I will change my coding and maybe publish any other version on AMO again. But till than I won’t leave some buggy outdated version at this site, only because the coding standards had been different one year ago. The released AMO-version was worse than the current one, because beside the rightfully critisized coding-crap it also contained some already fixed bugs. There was even after asking no chance for me to publish this version, nothing happens if the code does not fit the required schema. The only option for me was to remove it from AMO. And thats what I did.
Nice regards, Rene
maybe you should release an addon on the mozilla page, that does just always downloads and installs the latest versions and bugfixes automatically.
so you dont have to update it there all the time and can continue with your release cycles
hi rubo77,
addons.mozilla.org enforces you to point the update-link of your extension to addons.mozilla.org too. So there is no chance to let the extension get the latest code without beeing to hackish.
Regards, Rene
Hey Rene,
I couldn’t find your email on here, so just to let you know that the trac and tikiwiki are currently down, and therefore it’s hard to get a copy of Virtual Identity. I found some in the http://absorb.it/software/virtual_identity/pre/ directory, but the most recent files don’t seem to be compatible with TB 3.1.16.
Thanks a lot for this plugin, I use it every day!
Gabe
Hi,
thanks for the comment, hope the problem is solved now. Microsoft did a denial-of-service attack on my virtual server, sending parallel mns-searchbots through my machine ignoring the robots.txt. They are now cut off by firewall-rules, thats it.
Nice regards, Rene
I read a lot about your coding is a „hack“.
I haven’t looked at the coding, but it would be surprising, since you interface is very clean and even comes with a help system.
Looks like the work a very neat and detail oriented developers.
Thank you very much again for your add-on. Couldn’t live without it.
Hi Peter,
thanks for the ‚flowers‘ 🙂 And I call it a hack, because it’s not developed with even a development-path in mind, therefore some of the things just work. I implemented them by trying them instead of understanding thundebird completely, which makes the whole thing a hack. But on the other hand, there are good hcks too 🙂
Nice regards, Rene
Why don’t you just release „stable“ versions on the mozilla site and „unstable“ versions on your own site?
I for one am going to switch to some other similar addon, if I can’t get this one from the mozilla site.
Hi Aleksi,
because… All the mozilla-version are forced to point for updates to the mozilla site. And if then a bug get’s fixed, I can’T fix it on mozillas site, only on my site… but its written above, or isnt it?
Nice regards, Rene
it’s clear it simply does not pay, even in gratitude or satisfaction, to be an outside contributor to an open source project.
there has always been this snobbery in open source where there are the developers whose suggestions and fixes get pulls in immediately, however disruptive, meanwhile outside, smaller, hobbyist contributors face a much steeper slope for integration even when they have a very good idea.
On most projects, in order to be one of the cool kids, you basically have to be RMS, doing nothing with your life except coding big projects. For free. It’s very ivory tower and estranging. Clearly it is becoming this way too even with plugins development, in a world of „blessed“ plugins. It used to be that „mainware“ developers would list all available plugins that they knew about and then simply LTBB, at least until one was specifically pointed out as bad (blacklist model), but in this world of „blessed“ plugins, it becomes a whitelist model, with ever-restrictive criteria. In fact, it’s the same with mobile device OSes and their apps. The popularity of the Kindle Fire is pushing power users to eschew app stores in favor of manual APK installs (since they can’t get Google Play without disabling half their device’s functionality).
I think all of these models — Google Play, addons.mozilla.org, and so forth — will die off as they strangle themselves. Choice, not lock-in, always wins on the Internet.
Hi Keith,
thanks for the comment. And I think your partially right, because I disliked the development too. On the other hand, everybody is free to fork thunderbird, but it’s not an easy thing to maintain such a project to everybodys fulfillment. So, there is still a big difference between mozilla and google and I think, the way I do it now all sides can be happy. (except the users, which cannot find the extension anymore, hmm)
So far, just as a short thought… All the best,
Rene
Thanks for the great job. I`am not happy to loose this nice extension with the newest Firefox.
Nice regards
Rene-
Thank you for the wonderful add-on, which I’ve been using quite happily for many years now. I was quite surprised to see you remove it from AMO and wish you the best of success on your own.
This is one of the few add-ons I would consider paying for, but I am highly hesitant to use it without the AMO code review (for both efficiency and security reasons).
Please consider returning it to AMO as its primary release vehicle. I’d be happy to give you a token of appreciation for that.
Hi Adam,
thanks for your comment. I think you miss the point of the AMO review, it’s just a formal machine-check and some simple test, nobody will really check what’s the extension doing. Check http://nakedsecurity.sophos.com/2012/05/01/privacy-concern-showip-firefox-add-on/ for some approved add-on behavior.
So, I won’t go back to AMO, sorry. Nice regards,
Rene
That is am amazing plugin. I’ve been needing it for the last years, but didn’t know it existed. By coincidence I found a 2008 link to mozilla, but it was not working any more. I was almost desperate, that the plugin didn’t exist anymore. For outsiders your site is not easy to find.
Thank you for maintaining one of the most useful Thunderbird plugins.
Thomas
Thank you.
I’ve been looking off and on for a plugin like this for a while. Works perfectly for what I need. (500+ aliases and no desire to add an identity for each one)
A stupid idea ….
Why not Publish a DUMMY at AMO …
That has meet all restrictions of AMO and do nothing other than INFORM the user where he can find the REAL version and download it ?
The user even don’t have to INSTALL this dummy Version …
BUT you are listed at ANO …
How about updates … it don’t mater if i have to initially install over your site, but its boring to check always manually for new versions. There should be a mechanism which do updates from your site …
Gusti
TO DUMMY PLUGIN:
Name it „virtual identity UpdateChecker“ or something like this …
It can check periodical your site for updates and show changelog, offer download link ….. so we have an update mechanism too …
Hi Gusti,
once you installed the extension from my site it should update automatically when new versions are available. Did you have updating of the extension activated in Thunderbird?
Regards, thanks for your comments, rene
Rene,
After 2 years, are your reasons still valid?
Don’t use this plugin anymore – its dangerous. If used in a professional setting (i.e. with an exchange server) it will randomly decide to change the From: field to someone you are replying to, so it looks to everyone in your organisation that you are trying to spoof an email!!