Esteemed Council Members,
For a while now, FESCo has been deliberating options on how to deal with
Mozilla's change to Firefox that disallows the loading of extensions that
haven't been signed by the Mozilla Foundation, particularly those extensions
that we ship in the Fedora repositories.
A month ago, FESCo drafted a letter that we sent to Mozilla (reproduced below).
They replied that they would provide us with a detailed response the next day. I
have subsequently pinged them each week for the last four.
At this time, FESCo would like the Council's permission to offer Mozilla one
more chance to reply privately, else the Fedora Project will make the contents
of the letter into an open letter, published prominently. This will be done in
the hopes of involving other distributions and entities that value user freedoms
to support us in this effort.
We would like to have this discussed and (hopefully) approved during the Council
meeting this Monday, February 29th, so that we can contact Mozilla with a
deadline of March 10th to reply.
The original letter:
Subject: Mozilla Firefox Extension Signing
==========================================
Greetings, Mozilla Foundation,
Members of the Fedora Project have recently raised concerns about the state of
Firefox extensions in version 43 and later. As you are aware, beginning with
Firefox version 43, only those extensions which have been signed by the Mozilla
Foundation and published on addons.mozilla.org are permitted to be installed
and used.
We are aware of the set of problems that Mozilla is attempting to solve with
the implementation of this new policy. You want to help users avoid installing
malware or other harmful, insecure or privacy-violating software. This is a
noble goal and one that we agree is worth pursuing.
However, this new policy in Firefox has made a number of things very difficult
for Fedora and (presumably) other Free Software distributions. The requirement
for package signing effectively prevents the Fedora project from offering
distribution packages for any extensions. There are multiple reasons that such
packages are made available:
* Users of Fedora may trust the distribution to sign their packages, but be
unwilling to extend that trust to individual upstreams, regardless of
Mozilla's relative reliability.
* The Fedora Project or a downstream remix might wish to ship certain
extensions to Firefox by default. A hypothetical example might be an
extension to manage login to the Fedora Project family of web services.
Another such example would be for us to ship with a security-enhancing
extension such as "HTTPS Everywhere" in the default configuration.
* A business might wish only to install packages provided by the distribution
onto their users' systems (this is particularly common among users of
enterprise distributions).
Furthermore, though the current policies on how an extension gets approved or
denied are quite good and transparent, some have expressed concern that at some
point this will change or be enforced incorrectly, resulting in denials of
useful extensions from distribution.
Representing the Fedora Project, we would like to request that Mozilla consider
implementing (or accepting patches from us to implement) one or more of the
following potential mitigating approaches:
* Firefox does not mandate signature checking for system-installed extensions.
- Only an administrative user (e.g. root) has privilege to install system-
wide extensions, and this user already has ultimate power by installing an
alternative Firefox build if malice was their goal.
* Firefox retains the option of disabling signature checking for its
extensions. A permissible compromise here would be for this feature to be
unavailable to ordinary users, but configurable only in the system-wide
configuration by an administrative user.
* Firefox adds the ability for the system administrator to add and remove
signing authorities that signature checking will honor. Fedora (and other
distributions) could then choose to ship with their own signing certificate
enabled by default.
- This is our preferred solution, as it should be the most robust and the
most in keeping with Mozilla's goals.
- This option would also therefore permit an administrator to add a signing
authority for private extensions or extensions under development.
Mozilla and the Fedora Project have had a long and mutually productive
relationship, so I am confident that we can work together to discover a way
forwards that will satisfy both the user-safety concerns as well as the ability
for users and distributions to run the software of their choosing.
Sincerely,
The Fedora Engineering Steering Committee
* Josh Boyer
* Kevin Fenzi
* Stephen Gallagher
* Haïkel Guémar
* Dennis Gilmore
* Kalev Lember
* Adam Miller
* Parag Nemade
* Jared Smith
as well as Matthew Miller, the Fedora Project Leader
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ council-discuss mailing list council-discuss@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct http://lists.fedoraproject.org/admin/lists/council-discuss@xxxxxxxxxxxxxxxxxxxxxxx The Fedora Project's mission is to lead the advancement of free and open source software and content as a collaborative community.
