On Thu, Jan 7, 2016 at 11:14 AM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote: > On Thu, Jan 07, 2016 at 11:06:35AM -0700, Chris Murphy wrote: >> > Mozilla provides an API to sign extensions outside from their >> > infrastructure. It's our infrastructural decision (correctly in my >> > opinion) that prohibits this type of implementation. >> Why is it OK for Fedora infrastructure to sign the bootloader, the >> kernel, and kernel modules, but not application extensions? > > I don't think that's the question. The problem is that there isn't a > way for us to sign them -- the above is just an API for Mozilla to sign > them over the network, right? OK but shim is signed by Microsoft, which is clearly outside our infrastructure. The assertion that Fedora infrastructure prohibits external signing of things to be included in Fedora would seem to be incorrect, unless I'm misunderstanding some nuance. Are there Firefox extensions only hosted by Fedora that aren't available in AMO? Why can't these be made available through AMO instead? Off hand it doesn't really make sense to me that a whole separate extension signing infrastructure needs to be created. If there's some reason certain add-ons can't be in AMO, but need to be in Fedora, (and same for Chrome and any other browser) then yeah, we're going to need code signing infrastructure implemented for each of these browsers. I don't see a way around that. Disabling code signed in the browser is a bad idea, I don't like that at all, certainly not be default, that'd be a huge loss of trust in my mind if the default browser weren't doing everything it can to avoid executing malicious software. -- Chris Murphy -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/desktop@xxxxxxxxxxxxxxxxxxxxxxx
