Re: Firefox without signature checking




On 01/02/2016 02:50 PM, Doug Newgard wrote:
> On Sat, 2 Jan 2016 15:35:01 -0700
> Leonid Isaev <leonid.isaev@xxxxxxxxxxxxxxxxx> wrote:
> 
>> On Sat, Jan 02, 2016 at 02:06:05PM -0800, Kyle Terrien wrote:
>>> Thank you!  I was tempted to reopen it, but it looks like the general
>>> consensus is that an AUR package will be submitted.  
>>
>> You can only request to reopen...
> 
> And that request would be denied unless you can bring new info to the table. So
> far, I haven't seen any.

The new info I have is that Mozilla is creating a walled garden.  There
is no way to override it besides rebuilding Firefox.

The Fedora bug report I pointed at earlier [0] compares this to package
signing in RPM (or in our case pacman).  The difference with package
signing is that a user can add his own key and use that key to sign
packages.  In Firefox 44, you can do no such thing.  You are at
Mozilla's mercy.

And Mozilla's add-on checker isn't perfect either [1].

These two reasons are why I believe that Mozilla's signature policy is a
step in the wrong direction.

On the other hand, I fully understand why we would want to follow
upstream--less work for packaging and testing, as well as official
sanctioning via branding.

But I'm not affected much anyway because I'm on Pale Moon (using their
official builds).

--Kyle Terrien

[0] https://fedorahosted.org/fesco/ticket/1518
[1] http://danstillman.com/2015/11/23/firefox-extension-scanning-is-security-theater


