Firefox addon signing

Richard Z rz at linux-m68k.org
Wed Aug 26 13:13:08 UTC 2015


On Wed, Aug 26, 2015 at 03:12:25PM +0300, Alexander Ploumistos wrote:
> Their FAQ is constantly updated:
> 
> https://wiki.mozilla.org/Addons/Extension_Signing#FAQ
> 
> I'm not sure if there is a valid practical reason to refuse submitting the
> addons that we ship to their signing service or if it is against our
> policies; at least mozilla-https-everywhere has been signed.

that would work for Fedora - if it can be guaranteed that they sign new
versions quickly. Immagine if one of our plugins had a security hole and
mozilla would need days or weeks to sign it. As far as I can see Fedora 
specific extensions would have to be listed which means they would go 
through manual code review at mozilla.

> Mozilla states that they will be offering an unbranded binary (en_US only)
> for development and testing purposes.

For me this appears the only possibility and I suspect there are more 
Fedora users like me maintaining their own Firefox extensions. 

So will we get a firefox-unbranded package?

Richard

-- 
Name and OpenPGP keys available from pgp key servers



More information about the devel mailing list