On Thu, Feb 12, 2015 at 07:07:34PM +0100, Reindl Harald wrote:
Am 12.02.2015 um 18:53 schrieb Simo Sorce:
Maybe it is only about preventing people from bundling the official Firefox version with dodgy add-ons. Not downright malware, but things users may not actually want without realizing it. The signature checking means that those who prepare the downloads can no longer use the unmodified upstream binary. Which in turn might force them not to use Mozilla brands.
Maybe this is a bit far-fetched, but after hours of staring at other people's code today, it seems pretty reasonable to me.
But what do add-on developers do? Surely there is a way to disable this somehow?
Mozilla stated they will have to use the Developer Version (Aurora was the name ?) or the nightlies ...
than Fedora needs to switch to the developer version if that *really* can't be disabled via about:config - that is a unacceptable restriction until hmtlvalidator, livehttpheaders and friends are available sigend via the mozilla page
any news on that on our side? From firefox-devel I gather that the "feature" will land exactly as anounced.
There will be no configurable option for the user or sysadmin to allow loading of plugins not signed by mozilla - be it Fedora signed plugins or my personal bunch of homebrown locally built plugins.
So I think Fedora could provide 2 Firefox packages: * firefox-official with all restrictions * unbranded-firefoxlike-browser which is almost identical but without said restrictions
Richard