This is a pretty big change to bring in without warning. It would be nice if extensions could be signed but not on the store. I have extensions for internal business apps, they make no sense on the store but having a techy installation process is a big hassle. Google could even host the code (and have the ability to revoke), I just want a way to have "private" extensions that only only delivered to who I want.
From the discussion: "In order to install off-store extensions, the user must download them to a directory and drag them onto chrome://extensions/.". Is this not a viable solution for your use case?
For one thing, this can't be done without a mouse to drag-and-drop with. This limits the extension of off-store extensions to those who can use a mouse, which is an accessibility issue. Are handicapped users or keyboard-only users just thrown to the wayside these days?
I was specifically asking about jonknee's use case, I never claimed that this would be an ideal solution for every other possible scenario. That said, your request to have a mouse-free way to install extensions is totally sensible, and I would be surprised and disappointed if they did not think of alternate ways to do that (perhaps using the command-line).
I guess we will find out, that sounds like a pretty big roadblock for the skill level of users I am working with.
There seem like there's a better solution out there, at leat for my use case. I serve the crx bundle from the same domain that it interacts with, that seems like it could be pretty malware proof.
From the discussion it looks like the chrome devs want to support this use case. I think the idea is that you can add more trusted installation locations.
That's great, but what's the enterprise supposed to do? You don't want ABC Corp CRM app in the Google store, it only makes sense to people who work for ABC Corp.
