Remove Web Store extension signature requirement (allow any valid signature) #1135

Open
gdmeunier opened this issue Jan 22, 2025 · 1 comment
Labels
enhancement New feature or request

Comments

@gdmeunier

Is your feature request related to a problem? Please describe.
This is a feature request related to a problem while using Supermium.

Intro
When I use Chromium builds from before the Windows 10-only changes I can install any extension without using the Chrome Web Store.

The extension can also be modified to remove bloat & tracking; then I can repack it with Chromium and install it directly.
If I need to update it, I just re-sign the original extension update with my own private key.

This is wonderful to cure Chrome extensions from tracking & various other diseases that often lurk inside even the most popular Chrome extensions, without having to use group policies all the time.

Additional context
I think that the Web Store signature requirement is wrong to begin with, and the machine SID obfuscation was already annoying enough (especially when creating virtualized apps, such that Turbo.NET had to implement SID cloning).

We shouldn't try to turn a web browser into an obfuscated Knox fortress just because people might run bad programs that will install rogue extensions.

People who run bad programs or install adware will do it anyway, and we can already recover Chrome passwords, spy on bookmarks, and browsing history; is Google going to also obfuscate browsing history & bookmarks too?

We should stop this web browser fake-security madness and simply acknowledge that we can't protect an entire computer from malware and adware just because we 'protect Chrome from untrusted input'.

  • Does Google know what a keylogger is?
    Such spyware doesn't need to inject rogue extensions into your Chrome profiles.
  • So will Google also go full-retard just like Oracle Corporation, and implement 'Chrome hardening' with a kernelmode driver, to protect its data?

Very similar to how Oracle Corporation totally ruined the official VirtualBox builds with their garbage 'VirtualBox hardening', which was actually implemented for a totally different reason than the official one:
Oracle Corporation claimed that it was for patching a critical guest VM escape vulnerability, but no; it was instead added to prevent reverse-engineers from easily patching the binaries to hide the VirtualBox VM.

Note: VMware never used any hardening in their virtualization products, and didn't suffer from any VM escape vulnerability that ever required them to implement such hardening measures to correct it.

Note: The VirtualBox forum moderators are known for being pompous assholes, by immediately questioning people who ask how to change hardware IDs, claiming that they want to commit fraud if they need to use a SLIC table, and refusing to tell people how to change their CPUID (they get especially butthurt about that one).

Note: The Oracle Corporation developers are also pompous, by deliberately hiding the possibility of using a custom SSDT and DSDT table, in addition to replacing the preference name of valuable features with a whitespace character.

  • What is that part about VirtualBox for, you might ask?
    Because you don't want Chrome to become the new VirtualBox, for example.

Describe the solution you'd like
I want third-party Chromium browser developers to decide to always remove the Web Store extension signature requirement from their custom builds, in order to give more freedom to users without forcing them to use group policies.

Group policies are reserved for managing centralized settings and automated deployments, not for casually whitelisting generic user preferences all the time.

The concept of group policies used to whitelist extensions for the end-user is totally wrong since it theoretically means that a private user program somehow requires a global Administrator approval just for changing its own private settings in a per-user directory.

Chrome is also not an enterprise Web browser, but a normal Web browser targeted at end-users.
If Google wants to do such things, it should do it with a separate Enterprise edition of Chrome instead.

I also see that the annoying notification that appeared at every launch when installing extensions from a folder disappeared in Supermium; I don't know if it's a bug, but this is the way to go; this annoying notification should also stay removed.

Describe alternatives you've considered
I don't think that any other alternatives will be possible for Windows 7 SP1 users in the future, if they want to be able to use their own modified Chrome extensions.
Otherwise they will have to use group policies all the time to whitelist new extension installs.

And since Supermium seems to be the only Chromium browser that supports Windows 7 SP1 and has the latest versions, it's more important for Supermium to have this Web Store signature requirement removed from it than with any other Chromium fork.

@gdmeunier gdmeunier added the enhancement New feature or request label Jan 22, 2025
@win32ss
Owner

win32ss commented Jan 23, 2025

> Oracle Corporation claimed that it was for patching a critical guest VM escape vulnerability, but no; it was instead added to prevent reverse-engineers from easily patching the binaries to hide the VirtualBox VM.

And it also prevents usage of VirtualBox 4.1.23 and above with a patched uxtheme...

> If Google wants to do such things, it should do it with a separate Enterprise edition of Chrome instead.

It exists and they charge a monthly subscription for it.

I will have to remove the signing requirement for MV2 because of the impending removal of all MV2 extensions from the Web Store, and will likely do the same for MV3 extensions.
