Firefox addon signing
fweimer at redhat.com
Thu Feb 12 12:47:34 UTC 2015
On 02/12/2015 11:15 AM, Nikos Roussos wrote:
> On Thu, Feb 12, 2015 at 6:30 AM, Michael Cronenworth <mike at cchtml.com>
>> Is Fedora going to get authorization to build Firefox with a runtime
>> disable option?
> If the only way is to completely disable this feature, I'd prefer we don't.
> I wouldn't like for us to ship a less secure build of Firefox.
It's not the only way, you can also patch the Firefox binary on disk to
disable the check. You can even run a copy in case you cannot modify
the original version due to file system permissions.
This is why I don't see how this can be a security improvement, at least
not on Fedora. If it really cannot be disabled, it will also cause
problems for centrally managed Firefox deployments which need to
pre-install add-ons into user profiles.
Florian Weimer / Red Hat Product Security
More information about the devel