Firefox addon signing
Reindl Harald
h.reindl at thelounge.net
Thu Feb 12 18:07:34 UTC 2015
Am 12.02.2015 um 18:53 schrieb Simo Sorce:
>> Maybe it is only about preventing people from bundling the official
>> Firefox version with dodgy add-ons. Not downright malware, but things
>> users may not actually want without realizing it. The signature
>> checking means that those who prepare the downloads can no longer use
>> the unmodified upstream binary. Which in turn might force them not to
>> use Mozilla brands.
>>
>> Maybe this is a bit far-fetched, but after hours of staring at other
>> people's code today, it seems pretty reasonable to me.
>>
>> But what do add-on developers do? Surely there is a way to disable this
>> somehow?
>
> Mozilla stated they will have to use the Developer Version (Aurora was
> the name ?) or the nightlies ...
than Fedora needs to switch to the developer version if that *really*
can't be disabled via about:config - that is a unacceptable restriction
until hmtlvalidator, livehttpheaders and friends are available sigend
via the mozilla page
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150212/5834cc2f/attachment.sig>
More information about the devel
mailing list