Firefox addon signing
Dominik 'Rathann' Mierzejewski
dominik at greysector.net
Sat Aug 29 08:55:25 UTC 2015
On Friday, 28 August 2015 at 11:24, Martin Stransky wrote:
> On 08/28/2015 11:00 AM, Alexander Ploumistos wrote:
> >On Fri, Aug 28, 2015 at 10:18 AM, Martin Stransky <stransky at redhat.com> wrote:
> >>Can we ship addons which are already signed by Mozilla? Or does Fedora
> >>packager modify them somehow?
> >
> >It seems that even when the source is an xpi file, rpm treats it like
> >any other source package and its contents can be patched. I don't know
> >how that works, because signed addons contain a manifest file with md5
> >and sha1 checksums for all included files and I would expect that
> >modifications to any of them would cause the addon to get disabled.
> >Obviously we need input from a packager involved with the process.
> >Asking legal couldn't hurt either.
>
> Thanks for the info. Actually is there any reason why Fedora packager would
> need to modify the original extension?
Yes. Bundled JavaScript libraries are one example. Fedora-specific
preferences would be another.
Regards,
Dominik
--
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org
"Faith manages."
-- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"
More information about the devel
mailing list