
Review Policies


To protect the safety and interests of Firefox users, Mozilla requires all add-ons to comply with a set of practices and policies. Which policies apply depends on several factors, most importantly whether the add-on is hosted on addons.mozilla.org (AMO) and how it is distributed elsewhere.

This document outlines the policies that add-ons in each category are expected to follow. Regardless of an add-on's category, these policies are enforced through the mandatory review process carried out on AMO and the mandatory code-signing checks performed by Firefox.

Add-on review tracks

Listed on AMO

Add-ons listed on AMO must be reviewed by human reviewers. Until it has been reviewed, users can reach the add-on directly through a link to its details page, but it is not shown to the public anywhere else. Once approved, the add-on gets a public listing page with screenshots, a description, and user reviews, and it also appears in search results, collections, and occasionally in featured promotions. Existing users automatically receive updates for versions published on AMO.

There are two review tracks for add-ons listed on AMO, with different requirements and feature support.

Full review
Add-ons in the full review track undergo a thorough code review and functional testing, and are held to a high standard of quality. In return, they rank higher in search results and offer users the smoothest possible installation experience.
Preliminary review
Add-ons in the preliminary review track undergo full, though less detailed, code review, but in general do not undergo functional testing. These add-ons must not cause security problems, or seriously hamper the usability of the browser, but otherwise have few qualifications. As a result, these add-ons are displayed less prominently in search results, and their listing pages warn users about potential quality issues prior to installation.

Unlisted

Unlisted add-ons must be uploaded to AMO prior to distribution, but are otherwise not accessible to the public via the site. These add-ons must be distributed elsewhere by their publishers. Depending on the manner of distribution, unlisted add-ons undergo a fully-automated review, with possible post-signing code reviews.

While these add-ons are automatically signed, they are held to very similar standards to those of listed add-ons. The primary difference is that these add-ons must manage their own updates.

Policies

The following table summarizes the main policies that apply to each add-on review track; they are explained in more detail below. The symbol in each review-track column indicates whether the requirement applies to add-ons in that track, as follows:

Not applicable: this requirement does not apply to this review track.
Must not: add-ons in this review track must not engage in this behavior.
Must: add-ons in this review track must follow this behavior.

Review tracks: Listed (Full, Preliminary) and Unlisted (Sideload, Web Install)

Security
  Endanger the user's data, system, or online identity
  Add or open up security vulnerabilities
  Tamper with the application's or add-ons' update and blocklist systems
  Execute remote code¹
  Degrade the security of HTTPS websites
  Install other add-ons or system applications without user consent
  Include its own update mechanism
Privacy and user consent
  Make unexpected changes to the browser or to web content
  Prevent users from reverting changes made by the add-on
  Hide the add-on from the Add-ons Manager
  Prevent users from disabling or uninstalling the add-on
  Send sensitive information to unprotected remote servers
  Store browsing data from private browsing windows
  Leak identifying information into web content in private browsing windows
  Change Firefox preferences without user consent
  Clearly disclose all handling of user data in a privacy policy
User experience
  Break or disable core application features
  Leave any persistent changes behind after the add-on is disabled or uninstalled
  Be easy to use and provide a consistent user experience
  Appeal to a general audience
  Require payment to use the add-on's core features (whether up front or after a trial period)
Content
  Violate the Mozilla acceptable use policy
Technical
  Provide complete source code to reviewers²
  Use unaudited third-party libraries or frameworks
  Contain obvious coding errors
  Conflict with other well-behaved add-ons³
  Use APIs known to cause performance or stability problems⁴

¹ Remote code may be executed in documents with the same origin as the code being executed, or, under limited circumstances, in carefully constructed sandboxes. Remote code may never be executed in privileged contexts.
² Unlisted add-ons must provide their source code upon request. Failing to provide the source code of an automatically signed add-on when it is explicitly requested may result in the add-on being blocked.
³ No add-on can be expected to avoid conflicts with every other add-on. Add-ons that inherently cannot operate alongside each other may be allowed to conflict, but conflicts caused by poor technical practice will not be tolerated.
⁴ APIs which have been deprecated for performance or stability reasons, including DOM mutation event listeners, synchronous XMLHttpRequests and Storage API calls, and code which re-enters the main event loop, should not be used in add-ons. They may be allowed under limited circumstances, where alternatives are impractical, or be granted a reimplementation grace period, but such exceptions are rare, and in general the APIs should be avoided as a matter of course.
⁵ Separate submission of full source code is required for add-ons which use obfuscation, minification, or transcompilation to generate JavaScript source code, or which include executable binary files, including system executables or libraries. Instructions and tools necessary to reproduce obfuscation may also be required. Add-ons which include only human-readable JavaScript are not required to submit separate source code.
⁶ Users must be able to disable and uninstall add-ons through the Add-ons Manager interface. Offering a second means of uninstallation (such as a system-level uninstaller) in place of the Add-ons Manager interface does not satisfy this requirement.

Security

Because add-ons run in an environment with elevated privileges relative to ordinary web pages, they present a very serious set of security considerations. They have the potential to open security holes not only in the add-ons themselves, but also in the browser, in web pages, and in particularly worrying cases, the entire system the browser is running on. As a result, we take our security policies very seriously, and apply most of them to all add-ons, whether hosted on AMO or not. We expect all add-ons to be secure, not only in their handling of their own data, and of user data, but also in all of their interaction with the web, the browser, and the operating system.

Privacy and user consent

We take user sovereignty and privacy extremely seriously. Whether hosted on AMO or not, we require all add-ons to respect users' choices and their reasonable expectations of privacy. In particular, this means that add-ons may not limit users' control of their browsers by making it impossible to permanently change settings (such as the homepage or search engine), preventing users from uninstalling them, hiding their presence from users, or installing toolbar buttons or other UI elements which cannot be permanently removed via the UI customization process.

Features like advertising or certain forms of user activity tracking may be required to be opt-in, or at least opt-out, depending on the privacy and security impact, and whether the feature is necessary for the add-on to function or not. Since these are usually additional monetization features that are unrelated to what the add-on is meant to do, they generally require an opt-in for listed add-ons and an opt-out for unlisted ones. Some forms of tracking, like gathering all visited URLs, are generally forbidden even for unlisted add-ons. The decision to activate or deactivate these features and its implications must be clearly presented to the user.

User experience

We expect all add-ons to work without significantly degrading users' experience with the browser. In particular, add-ons may not adversely affect browser performance, break built-in features, or damage the user interface. For add-ons listed on AMO that request full review, we likewise expect a consistent and generally positive user experience for any functionality the add-on provides.

Content

While we have no interest in controlling the types of functionality provided by add-ons in the wild, there are certain types of content that addons.mozilla.org cannot host. In particular, all content hosted on the site must conform to the laws of the United States, and comply with the Mozilla acceptable use policy.

Technical

We try, as much as possible, not to restrict the freedom of developers to maintain their add-ons as they choose. However, for reasons of security and our ability to effectively review code, we do have certain technical requirements. In particular, potentially dangerous APIs, such as those which evaluate HTML or JavaScript, may only be used in ways which are provably safe, and code which we cannot verify to behave safely and correctly may need to be refactored.

Source code submission

Add-ons may contain binary, obfuscated and minified source code, but Mozilla must be allowed to review a copy of the human-readable source code of each version of an add-on submitted for review. In such cases, the author will receive a message when the add-on is reviewed indicating whom to contact at Mozilla to coordinate review of the source code. This code will be reviewed by an administrator and will not be shared or redistributed in any way. The code will only be used for the purpose of reviewing the add-on.

Instructions for reproducing obfuscation are also required; please read the details of this guideline to ensure a swift review.

If your add-on contains code that you don't own or can't get the source code for, you may contact us for information on how to proceed.

Reviewers

Add-ons are reviewed by the AMO reviewer team, a group of experienced add-on developers who volunteer to help the Mozilla project by reviewing add-ons to ensure a stable and secure experience for users. The Reviewer Guide explains in detail how reviewers evaluate add-ons submitted for review; it is an expanded version of the table above. Developers receive an email whenever the status of the review process changes. Review times can vary with reviewer availability and the complexity of the add-ons being reviewed. Updates on the state of the review queues are posted regularly on the Add-ons Blog.

Blocklisting

Add-ons that don't meet the bar for Unlisted Web Install may qualify for blocklisting, depending on the extent of their problems. The Add-ons Team will do their best to contact the add-on's developers and provide a reasonable time frame for the problems to be corrected before a block is deployed. If an add-on is considered malicious or its developers have proven unreachable or unresponsive, or in case of repeat violations, blocklisting may be immediate.

Add-ons that violate these guidelines should be reported through Bugzilla, under Tech Evangelism > Add-ons. Questions can be asked in the #addons IRC channel.
