On Feb 26, 2016 12:09 PM, "Stephen Gallagher" <sgallagh@xxxxxxxxxx> wrote:
>
> Esteemed Council Members,
>
> For a while now, FESCo has been deliberating options on how to deal with
> Mozilla's change to Firefox that disallows the loading of extensions that
> haven't been signed by the Mozilla Foundation, particularly those extensions
> that we ship in the Fedora repositories.
>
> A month ago, FESCo drafted a letter that we sent to Mozilla (reproduced below).
> They replied that they would provide us with a detailed response the next day. I
> have subsequently pinged them each week for the last four.
>
> At this time, FESCo would like the Council's permission to offer Mozilla one
> more chance to reply privately, else the Fedora Project will make the contents
> of the letter into an open letter, published prominently. This will be done in
> the hopes of involving other distributions and entities that value user freedoms
> to support us in this effort.
>
> We would like to have this discussed and (hopefully) approved during the Council
> meeting this Monday, February 29th, so that we can contact Mozilla with a
> deadline of March 10th to reply.
>
>
>
> The original letter:
>
>
> Subject: Mozilla Firefox Extension Signing
> ==========================================
>
>
> Greetings, Mozilla Foundation,
>
> Members of the Fedora Project have recently raised concerns about the state of
> Firefox extensions in version 43 and later. As you are aware, beginning with
> Firefox version 43, only those extensions which have been signed by the Mozilla
> Foundation and published on addons.mozilla.org are permitted to be installed
> and used.
>
> We are aware of the set of problems that Mozilla is attempting to solve with
> the implementation of this new policy. You want to help users avoid installing
> malware or other harmful, insecure or privacy-violating software. This is a
> noble goal and one that we agree is worth pursuing.
>
> However, this new policy in Firefox has made a number of things very difficult
> for Fedora and (presumably) other Free Software distributions. The requirement
> for package signing effectively prevents the Fedora project from offering
> distribution packages for any extensions. There are multiple reasons that such
> packages are made available:
>
> * Users of Fedora may trust the distribution to sign their packages, but be
> unwilling to extend that trust to individual upstreams, regardless of
> Mozilla's relative reliability.
>
> * The Fedora Project or a downstream remix might wish to ship certain
> extensions to Firefox by default. A hypothetical example might be an
> extension to manage login to the Fedora Project family of web services.
> Another such example would be for us to ship with a security-enhancing
> extension such as "HTTPS Everywhere" in the default configuration.
>
> * A business might wish only to install packages provided by the distribution
> onto their users' systems (this is particularly common among users of
> enterprise distributions).
>
> Furthermore, though the current policies on how an extension gets approved or
> denied are quite good and transparent, some have expressed concern that at some
> point this will change or be enforced incorrectly, resulting in denials of
> useful extensions from distribution.
>
> Representing the Fedora Project, we would like to request that Mozilla consider
> implementing (or accepting patches from us to implement) one or more of the
> following potential mitigating approaches:
>
> * Firefox does not mandate signature checking for system-installed extensions.
> - Only an administrative user (e.g. root) has privilege to install system-
> wide extensions, and this user already has ultimate power by installing an
> alternative Firefox build if malice was their goal.
>
> * Firefox retains the option of disabling signature checking for its
> extensions. A permissible compromise here would be for this feature to be
> unavailable to ordinary users, but configurable only in the system-wide
> configuration by an administrative user.
>
> * Firefox adds the ability for the system administrator to add and remove
> signing authorities that signature checking will honor. Fedora (and other
> distributions) could then choose to ship with their own signing certificate
> enabled by default.
> - This is our preferred solution, as it should be the most robust and the
> most in keeping with Mozilla's goals.
> - This option would also therefore permit an administrator to add a signing
> authority for private extensions or extensions under development.
>
> Mozilla and the Fedora Project have had a long and mutually productive
> relationship, so I am confident that we can work together to discover a way
> forwards that will satisfy both the user-safety concerns as well as the ability
> for users and distributions to run the software of their choosing.
>
> Sincerely,
> The Fedora Engineering Steering Committee
> * Josh Boyer
> * Kevin Fenzi
> * Stephen Gallagher
> * Haïkel Guémar
> * Dennis Gilmore
> * Kalev Lember
> * Adam Miller
> * Parag Nemade
> * Jared Smith
> as well as Matthew Miller, the Fedora Project Leader
>
>
As a consumer of both unsigned internal extensions and Fedora, I appreciate FESCo taking an interest in this issue. As an admin responsible for Firefox redistribution in a former life, I believe that the approach of allowing system-level extensions is technically feasible, sane, and still addresses concerns about bad extensions from the wild. Well done, FESCo; public visibility of this letter would get my vote.
--Pete