This "bizarre policy" was software signing, which is in fact a security feature.
I don't understand what "getting their act together" means here, when you're posting it on an announcement that the problem has already been fixed. Should Firefox proactively remove all security features that risk ever posing some modicum of inconvenience to users? Because that would be... all of them.
In this scenario, malware add-ons would be signed only for that particular Firefox installation.
Essentially, I am arguing that Firefox should let you create your own signing key pair (which would be valid only on that single Firefox installation) and sign any add-on using it.
It's a large enough hoop that most users would not jump over it, not least because they would not know what they're doing, but it would be there for those who need it and relinquish the central point of failure that is the AMO.
The current situation is basically the Secure Boot fiasco all over again.
I don't understand what "getting their act together" means here, when you're posting it on an announcement that the problem has already been fixed. Should Firefox proactively remove all security features that risk ever posing some modicum of inconvenience to users? Because that would be... all of them.