facebookincubator / meta-code-verify

Code Verify is an open source web browser extension that confirms that your Facebook, Messenger, Instagram, and WhatsApp Web code hasn’t been tampered with or altered, and that the Web experience you’re getting is the same as everyone else’s.
MIT License

Building from source / validating existing builds, as a non-developer (or non-web-developer) #339

Open magicgoose opened 2 weeks ago

magicgoose commented 2 weeks ago

The addon is distributed via e.g. addons.mozilla.org, this is great. However, on their page, as an uneducated user, I see "This add-on is not actively monitored for security by Mozilla. Make sure you trust it before installing." and there is no clear path to "make sure I trust it".

Scoring the "recommended" status by Mozilla (like, for example, any of these) would be fantastic, but in the meantime:

What is the easiest way, that an (almost) non-technical user can also do, to install this add-on while guaranteeing that the build will correspond to the published source code?

rich-hansen commented 2 weeks ago

What is the easiest way, that an (almost) non-technical user can also do, to install this add-on while guaranteeing that the build will correspond to the published source code?

There is nothing you need to do to ensure the build matches the published source code. Almost any build of the extension will work; the verification that happens is not tied to the specific extension build but to the build of the website, and that verification will be done by the extension for any build that we release.

The reason why I say almost any is that we sometimes add additional verification checks that only work on the version of the extension where we add that support, or on subsequent releases. The only thing you should be concerned about is keeping the extension up to date. We should handle the rest.

magicgoose commented 2 weeks ago

Hmm, I am not sure we are talking about the same thing. I was trying to ask about verifying the add-on itself: verifying the assumption that it is made out of the code at git@github.com:facebookincubator/meta-code-verify.git with no other concealed changes on top of it. Which is not obvious when installing it from https://addons.mozilla.org/nl/firefox/addon/code-verify. Like, for example, if the Mozilla account that uploads the add-on is hacked, there will be no way for the user to notice? Or is there some signature check in place that will prevent publishing altered code using stolen credentials of a Mozilla account?
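One concrete way to do the check the thread is asking about, as an added example that is not part of this issue or of the meta-code-verify project: hash every file inside the .xpi downloaded from addons.mozilla.org (an .xpi is a zip) and compare the result with a build made locally from the repository at the matching tag. It assumes the project's build is reproducible (byte-identical when repeated), which nothing on this page confirms. AMO's signing step adds META-INF/manifest.mf, META-INF/mozilla.sf and META-INF/mozilla.rsa on upload, so entries under META-INF/ are excluded from the comparison. All sample files below, including the placeholder META-INF entries and the "tampered" package, are constructed inline.

```python
# Added example, not meta-code-verify code: compare a downloaded .xpi with a
# from-source build. Assumption (not stated on the page): the build is reproducible.
import hashlib
import io
import os
import tempfile
import zipfile

# AMO signing adds META-INF/manifest.mf, mozilla.sf and mozilla.rsa on upload;
# a local build never contains them, so they are excluded from the comparison.
SIGNING_PREFIX = "META-INF/"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def digest_xpi(xpi) -> dict:
    """Map each file path inside the .xpi (a zip) to its SHA-256, skipping META-INF/."""
    with zipfile.ZipFile(xpi) as zf:
        return {
            info.filename: sha256_hex(zf.read(info))
            for info in zf.infolist()
            if not info.is_dir() and not info.filename.startswith(SIGNING_PREFIX)
        }


def digest_build_dir(root: str) -> dict:
    """Same map for an unpacked build directory (paths relative to root, '/' separated)."""
    out = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel.startswith(SIGNING_PREFIX):
                continue
            with open(full, "rb") as fh:
                out[rel] = sha256_hex(fh.read())
    return out


def compare(published: dict, built: dict) -> dict:
    """Three lists; all empty means the published package equals the local build."""
    both = set(published) & set(built)
    return {
        "only_in_published": sorted(set(published) - set(built)),
        "only_in_build": sorted(set(built) - set(published)),
        "changed": sorted(p for p in both if published[p] != built[p]),
    }


def matches(report: dict) -> bool:
    return not any(report.values())


def _make_xpi(files: dict) -> io.BytesIO:
    """Build an in-memory .xpi from {path: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    buf.seek(0)
    return buf


def demo() -> tuple:
    """Constructed sample: a tiny 'build', one genuine download and one tampered one."""
    source_files = {
        "manifest.json": b'{"manifest_version": 2, "name": "demo", "version": "1.0"}',
        "background.js": b"browser.runtime.onInstalled.addListener(() => {});\n",
    }
    signing_files = {  # stand-ins for what AMO adds; contents are placeholders
        "META-INF/manifest.mf": b"Manifest-Version: 1.0\n",
        "META-INF/mozilla.sf": b"Signature-Version: 1.0\n",
        "META-INF/mozilla.rsa": b"\x30\x82",
    }
    with tempfile.TemporaryDirectory() as build_dir:
        for path, data in source_files.items():
            with open(os.path.join(build_dir, path), "wb") as fh:
                fh.write(data)
        built = digest_build_dir(build_dir)

    genuine = _make_xpi({**source_files, **signing_files})
    tampered_files = dict(source_files)
    tampered_files["background.js"] += b"// extra code that is not in the repository\n"
    tampered = _make_xpi({**tampered_files, **signing_files})

    return compare(digest_xpi(genuine), built), compare(digest_xpi(tampered), built)


if __name__ == "__main__":
    ok, bad = demo()
    print("genuine package matches build:", matches(ok))
    print("tampered package report:", bad)
```

For a real check, replace the constructed data with `digest_xpi("code-verify.xpi")` for the file downloaded from AMO and `digest_build_dir("dist/")` (or whatever directory the repository's build produces) for the local build. A match shows that the distributed package is what the repository builds; it says nothing about who uploaded it, and a mismatch can equally mean the build is not reproducible, so that should be ruled out first by building twice locally.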