open-paren
3 hours ago
I manage a medium-sized browser extension at work. We also offer(ed) it on Firefox. But I have spent the past year struggling to get back into Mozilla store after a manual review. As far as I can tell, there are maybe two reviewers that are based in Europe (Romania?). The turn around time is long when I am in the US, and it has been rife with this same kind of "simple mistake" that takes 2 weeks to resolve. "You need a privacy policy"–we already have one. "You are using machine generated and minified code"–no you are looking at the built code, not the included source. "We cannot reproduce your source"-that's because you didn't follow instructions and are in the wrong directory. Very frustrating.
adrian17
an hour ago
> We cannot reproduce your source
This is the biggest issue we had, and we had to add a decent bit of complexity to our builds to support reproducible builds in the exact way they want. But the silly part is that our extension involves building a wasm file from Rust, and after some back and forth it turned out that they don't require it to be reproducible (despite being core of our extension and containing 99% of our logic), which honestly feels like it defeats the point - who cares if JS reproduces if you can hide any arbitrary possibly-malicious code in wasm.
For a while we were seriously considering putting our prebuilt wasm in the source package or on npm, just to make the "reproducible build" on AMO side simpler, despite this making it even further from how it's actually built.
jjice
2 hours ago
Also had these issues when working on my previous job's extension. The Firefox review process was a real nightmare to work with. Same heavy delays and misunderstandings your mentioned. Eventually the company just stopped updating the Firefox extension as often since usage was low and the review process was such a pain. Unfortunate for me, as the only engineer (maybe employee) at that company that used Firefox.
whstl
25 minutes ago
Same here. We even had a special "mini" Firefox version that didn't require any additional Javascript build step, to make the review easy. But there were so many issues with the review and so few users that we just decided to give up.
giancarlostoro
2 hours ago
> that's because you didn't follow instructions and are in the wrong directory.
You just need to have a shell script in the root directory that assumes the person running it has 0 clue about your extension.
Also some of this reminds me of Apple. They clear something up, then bring it up again the next time review is needed.
adrian17
an hour ago
Even this we had issues with - we wrapped the entire build environment and script in a dockerfile, but depending on system configuration you may or may not have to run docker with sudo - it just so happened that reviewer's environment required it, while ours didn't, and the reviewer needed specific instructions on what to do in this case.
Another time, they failed the review because the reviewer's VM _ran out of disk space_ (which we only learned after digging into the issue, as the first report just mentioned "build errors"; according to later inquiries the VM had ~9GB available) and we had to add some extra build logic to delete intermediate files, just for them. The build is quite large because it involves rust->wasm compilation, but I'd still expect the reviewer's machine to have a bit more space...
sureIy
3 hours ago
I had these issues too a few years ago. Now the review time is shorter than Chrome’s and hasn’t been flagged in a few years. However my extension has about 10k users, if that makes any difference.
jeffchien
an hour ago
The reproducible build requirement seems to be a major blocker for many addons, including one I use for Twitch: https://github.com/FrankerFaceZ/FrankerFaceZ/issues/1495#iss...
ilrwbwrkhv
2 hours ago
That's not just mozilla. Google's review team all are in India and they cannot write clear English. It's a mess.
Rinzler89
2 hours ago
>Google's review team all are in India and they cannot write clear English.
Which is ironic considering the reason they went to India and not other countries with cheap labor is that English is an official language there.
politelemon
2 hours ago
Also Apple and Meta. It's awful dealing with infallible gatekeepers.