Reduced requested Thundebird permissions to reasonable level? #11
Comments
|
Since Thunderbird 78 there are two types of extensions available: new ("MailExtension") and legacy ("experiments"). New ones support fine-grained permissions, but offer much more limited set of APIs. Legacy addons don't have any permission control - they use same access model as pre-78 extensions, meaning they have access to everything. As far as I can tell, new APIs don't support changing message pane UI nor allow direct access to raw message headers to extract sender/recipient. Until such APIs are added to Thunderbird - only way to make this addon work is to use old style (permissionless) APIs. |
|
Very helpful, thanks @lkosson for the background. Does the following place/community offer some means to make this better, or minimize the problem? eg: is it feasible to file a bug/request to provide an API that could serve this (full-address-column) or any other add-on without having to resort to the dreaded "requires all permissions"? (I'm quite unstudied in the land of Mozilla/Thunderbird APIs and extensions--please pardon my ignorance. There's so much stuff out there and I've not yet discovered comprehensive-yet-concise summary of this world/community, making it harder for me to learn this context quickly.) |
|
A side note: if welcomed, I would like to donate a few dollars to this project. |
|
I don't have much experience in Mail/WebExtensions (or any proper JavaScript) development either - apart from hacking this addon together. If I understand Mozilla's plan correctly, the intended use of "experiments" (legacy-style APIs in new extensions) is for developers to provide a prototype of an API to include in future versions of Thunderbird if it is deem useful. The way my addon works is by grossly overusing it by defining a single experiment API that basically does all the work like pre-78 extension and that most definitely won't be accepted as an official API. A proper way would be to implement experiment API that does the exactly one thing that's missing from official APIs, build whole add-on based on that and hope your API will eventually be integrated. It turns out there already is a request posted on bugzilla for a proper API allowing creating custom columns but it seems it's not getting merged any time soon. |
|
Remarkbly-helpful feedback, once again. I inquired at the above request about the API-addition status, details below. An aside: it might be useful to make a comment about the permisions at the add-on home page, where at least a couple recent reviews were discussing/complianing it: also fyi: I checked in at the above request to see if they have any movement: Additional, related discussion (where I discovered the full-address-column add-on) here: |
|
The message tree is going to be rewritten (in core) and the way columns are handled will change. I think I will provide the missing API as soon as the new tree model has been implemented. Sorry if that answer is not what you were looking for. As long as the old tree model is used, the Experiment approach will work. |
|
Seems encouraging to me, thanks @jobisoft for the super-timely reply. Alas, I'm not the add-on's developer/commentor on this thread (@lkosson), and I defer to him. @jobisoft writes:
|
|
Also: I just now requested (referencing this issue-discussion-thread here) that the add-ons/extension leaders document/summarizing the general state of extensions and such... so as to minimize future developer-and-power-user confusion: |
|
Besides the documents I listed in my answer in the bug, I like to point out our community channels, where you can get in touch with other developers, or me (I am Thunderbirds add-on coordinator and support engineer). |
This add-on (thus far) does exactly what I want in Thunderbird (v91.5.1) -- nice job.
However, it's uncomfortable for me--and I suspect others might feel the same--to give the add-on access to basically do "anything it wants with no restriction" (I'm paraphrasing; I did not record the exact syntax; something like "Full access to Thunderbird and all of your computer") when you install it.
Is there a feasible way to reduce the permissions to a more-reasonable level, and then release a new version with only the requested-permissions change?
The text was updated successfully, but these errors were encountered: