On 02/12/2015 11:15 AM, Nikos Roussos wrote:
On Thu, Feb 12, 2015 at 6:30 AM, Michael Cronenworth
<mike(a)cchtml.com>
wrote:
> Is Fedora going to get authorization to build Firefox with a runtime
> disable option?
If the only way is to completely disable this feature, I'd prefer we don't.
I wouldn't like for us to ship a less secure build of Firefox.
It's not the only way, you can also patch the Firefox binary on disk to
disable the check. You can even run a copy in case you cannot modify
the original version due to file system permissions.
This is why I don't see how this can be a security improvement, at least
not on Fedora. If it really cannot be disabled, it will also cause
problems for centrally managed Firefox deployments which need to
pre-install add-ons into user profiles.
--
Florian Weimer / Red Hat Product Security