While it seems to have been in development for a while, it only recently got public coverage: Mozilla is planning to introduce add-on signing in Firefox.
First of all: I welcome that.
However, beneficial as signed add-ons can be, Mozilla is still doing it wrong, and I'll elaborate on how, and why.
What does it mean?
The idea behind signing add-ons is that a trusted party can verify that the add-on is what it claims to be and, at a stretch, that it does not misbehave.
For this, the add-on is signed with a cryptographic key that cannot be forged, and the person or organization doing the signing vouches for the add-on with their name.
This certainly isn't a new concept; it is very sound and used in many places. For example: Windows device drivers are signed by Microsoft, Linux kernel source releases are signed by Linus Torvalds, Debian packages are signed by Debian developers, and so on.
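To make the concept concrete, here is an added example (not code from the post or from Mozilla) of the two halves of add-on signing: a trusted signer signs the package, and the loader refuses any package whose signature does not check out under the trusted public key. It assumes Ed25519 over a SHA-256 digest of the package bytes and a constructed add-on blob; the actual key type and packaging Mozilla uses are not described on this page.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Signer is the trusted party that vouches for an add-on with its key.
type Signer struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey // distributed to every browser that should trust this signer
}

// NewSigner generates a fresh key pair (assumption: Ed25519 keys).
func NewSigner() (*Signer, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Signer{priv: priv, Pub: pub}, nil
}

// Sign signs the SHA-256 digest of the add-on package bytes.
func (s *Signer) Sign(addon []byte) []byte {
	digest := sha256.Sum256(addon)
	return ed25519.Sign(s.priv, digest[:])
}

// VerifyAddon is the check a browser runs before loading: the package must
// carry a signature that verifies under the trusted signer's public key.
// Any change to the package bytes, or a signature from another key, fails.
func VerifyAddon(trusted ed25519.PublicKey, addon, sig []byte) bool {
	digest := sha256.Sum256(addon)
	return ed25519.Verify(trusted, digest[:], sig)
}

func main() {
	signer, err := NewSigner()
	if err != nil {
		panic(err)
	}
	addon := []byte("constructed add-on package bytes") // stands in for the real .xpi
	sig := signer.Sign(addon)
	fmt.Println("genuine package loads:", VerifyAddon(signer.Pub, addon, sig))
	tampered := append([]byte{}, addon...)
	tampered[0] ^= 1 // one flipped bit anywhere in the package
	fmt.Println("tampered package loads:", VerifyAddon(signer.Pub, tampered, sig))
}
```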
How does it work in Firefox?
If signed add-ons are introduced in Firefox, it means that add-ons need to be signed before Firefox will load them.
I have not looked in detail at how Mozilla will do that, but the easiest way ...