On 08/28/2015 11:00 AM, Alexander Ploumistos wrote:
On Fri, Aug 28, 2015 at 10:18 AM, Martin Stransky
<stransky(a)redhat.com> wrote:
> Can we ship addons which are already signed by Mozilla? Or does Fedora
> packager modify them somehow?
It seems that even when the source is an xpi file, rpm treats it like
any other source package and its contents can be patched. I don't know
how that works, because signed addons contain a manifest file with md5
and sha1 checksums for all included files and I would expect that
modifications to any of them would cause the addon to get disabled.
Obviously we need input from a packager involved with the process.
Asking legal couldn't hurt either.
Thanks for the info. Actually is there any reason why Fedora packager
would need to modify the original extension?
ma.