Shumway is NOT "verified"...

[madscientist42]

I don't even CARE if this has already been logged.

Mozilla has seen fit to block the ability to load/run "unverified" add-ins as a "security" measure (which is the same mistake Microsoft made with their plugin framework...) I had two extensions/plugins that got screwed up upon update to Build 43. APK downloader being one of them. Shumway being the other.

If you can't get your own act together...get the larger team to wise up... Seriously guys...

[yurydelendik]

Shumway being the other.

Shumway extension is automatically signed. Closing as wfm. Please provide more details to back up your claim.

[yurydelendik]

Notice the extension hosted at http://www.areweflashyet.com/shumway/ and shall be used by testers, researchers and developers only. The version for end-users was never released.

[madscientist42]

So...as an off and on researcher...I'm to pound sand? Wrong answer to be blunt.

You are guilty of Security Theater here. Shameful On Dec 28, 2015 9:25 AM, "Yury Delendik" notifications@github.com wrote:

Notice the extension hosted at http://www.areweflashyet.com/shumway/ and shall be used by testers, researchers and developers only. The version for end-users was never released.

— Reply to this email directly or view it on GitHub https://github.com/mozilla/shumway/issues/2406#issuecomment-167587742.

[the-bobo]

Did you try these two answers on the FAQ to enable it on a nightly build of Firefox?

https://github.com/mozilla/shumway/wiki/Frequently-Asked-Questions#extension

_Can I install _Shumway* extension for Firefox?*

The Firefox extension is provided for the developers and tester -- end user shall use Firefox Nightly to try it (see below). The extension is published athttp http://www.areweflashyet.com/shumway/extension/firefox/shumway.xpi :// http://www.areweflashyet.com/shumway/extension/firefox/shumway.xpi www.areweflashyet.com http://www.areweflashyet.com/shumway/extension/firefox/shumway.xpi/ http://www.areweflashyet.com/shumway/extension/firefox/shumway.xpishumway http://www.areweflashyet.com/shumway/extension/firefox/shumway.xpi /extension/ http://www.areweflashyet.com/shumway/extension/firefox/shumway.xpifirefox http://www.areweflashyet.com/shumway/extension/firefox/shumway.xpi/ http://www.areweflashyet.com/shumway/extension/firefox/shumway.xpi shumway.xpi http://www.areweflashyet.com/shumway/extension/firefox/shumway.xpi and automatically updated. The extension requires click-to-play enabled (for Firefox 21+) and Flash plugin set to "Ask to Activate" (for Firefox 23+).

It is possible to configure the extension (e.g. when the Flash plugin is not installed) to ignore click-to-play settings and always show the Shumway player. Seehttps https://github.com/mozilla/shumway/wiki/Debugging-and-Configuring-Shumway#using-the-extension :// https://github.com/mozilla/shumway/wiki/Debugging-and-Configuring-Shumway#using-the-extension github.com https://github.com/mozilla/shumway/wiki/Debugging-and-Configuring-Shumway#using-the-extension / https://github.com/mozilla/shumway/wiki/Debugging-and-Configuring-Shumway#using-the-extension mozilla https://github.com/mozilla/shumway/wiki/Debugging-and-Configuring-Shumway#using-the-extension / https://github.com/mozilla/shumway/wiki/Debugging-and-Configuring-Shumway#using-the-extension shumway https://github.com/mozilla/shumway/wiki/Debugging-and-Configuring-Shumway#using-the-extension /wiki/Debugging-and-Configuring-Shumway#using-the-extension https://github.com/mozilla/shumway/wiki/Debugging-and-Configuring-Shumway#using-the-extension for more information.

I heard Shumway is a part of the Firefox Nightly. How can I use it?

The Shumway code is disabled by default (see bug 904346 https://bugzilla.mozilla.org/show_bug.cgi?id=904346). You have to enable it by opening the web browser at about:config and changing the preference shumway.swf.whitelistto "*" and shumway.disabled tofalse.

The Nightly downloads can be found athttp://nightly.mozilla.org/. On Dec 28, 2015 2:34 PM, "Frank Earl" notifications@github.com wrote:

So...as an off and on researcher...I'm to pound sand? Wrong answer to be blunt.

You are guilty of Security Theater here. Shameful On Dec 28, 2015 9:25 AM, "Yury Delendik" notifications@github.com wrote:

Notice the extension hosted at http://www.areweflashyet.com/shumway/ and shall be used by testers, researchers and developers only. The version for end-users was never released.

— Reply to this email directly or view it on GitHub https://github.com/mozilla/shumway/issues/2406#issuecomment-167587742.

— Reply to this email directly or view it on GitHub https://github.com/mozilla/shumway/issues/2406#issuecomment-167635578.

[timvandermeij]

@madscientist42 No, it means that the extension is unstable until a stable version for end users is released. Unstable implies that things can break from time to time, even though we all do our best to minimize the chances of that happening.

The extension signing process is relatively new and was quickly enabled in Firefox, so there has not been too much time to implement extension signing for projects (Shumway being one, but there are more projects) and an API for this was not available until a few weeks ago. However, it has been implemented in the meantime in https://github.com/mozilla/shumway/commit/1a32b7365f65a5c69f849d33163fc97bbc371cdd. For the extension signing we had to change the extension ID in https://github.com/mozilla/shumway/commit/c219d3beaa440028beececc1c6ab9a08440bdbf0, meaning that you need to uninstall the previous extension manually and install the new extension from http://mozilla.github.io/shumway/extension/firefox/shumway.xpi. This extension is signed; I just checked that for you.

If you reinstall the extension you will see that it is in fact signed, so you are blaming people here for no reason. Please be more polite: contributors are really always willing to help you out and to look into solving issues, but not when they are spoken to in such a way.