On Fri, Aug 28, 2015 at 12:18 AM, Martin Stransky <stransky@redhat.com> wrote:
On 08/27/2015 04:40 PM, Alexander Ploumistos wrote:
Aren't the addons that we ship in Fedora a bunch of text files zipped in an xpi archive? It is kind of awkward to send them back and forth, but if there are no other binaries, does it go against a particular policy?
Or we could decide that we trust Mozilla's code review process and drop packaging addons altogether, as was suggested. At least the users will receive updates faster.
Can we ship addons which are already signed by Mozilla? Or does the Fedora packager modify them somehow?
Another thought: could we ask Mozilla for permission to exempt a specific directory (e.g. /usr/share/distro-firefox-extensions) from signature requirements for .xpi files that are owned by root?
After all, anyone who can drop root-owned files in there can just as easily replace the entire firefox binary.
--Andy