On Thu, Feb 12, 2015 at 07:07:34PM +0100, Reindl Harald wrote: > > Am 12.02.2015 um 18:53 schrieb Simo Sorce: > >>Maybe it is only about preventing people from bundling the official > >>Firefox version with dodgy add-ons. Not downright malware, but things > >>users may not actually want without realizing it. The signature > >>checking means that those who prepare the downloads can no longer use > >>the unmodified upstream binary. Which in turn might force them not to > >>use Mozilla brands. > >> > >>Maybe this is a bit far-fetched, but after hours of staring at other > >>people's code today, it seems pretty reasonable to me. > >> > >>But what do add-on developers do? Surely there is a way to disable this > >>somehow? > > > >Mozilla stated they will have to use the Developer Version (Aurora was > >the name ?) or the nightlies ... > > than Fedora needs to switch to the developer version if that *really* can't > be disabled via about:config - that is a unacceptable restriction until > hmtlvalidator, livehttpheaders and friends are available sigend via the > mozilla page any news on that on our side? From firefox-devel I gather that the "feature" will land exactly as anounced. There will be no configurable option for the user or sysadmin to allow loading of plugins not signed by mozilla - be it Fedora signed plugins or my personal bunch of homebrown locally built plugins. So I think Fedora could provide 2 Firefox packages: * firefox-official with all restrictions * unbranded-firefoxlike-browser which is almost identical but without said restrictions Richard -- Name and OpenPGP keys available from pgp key servers
Attachment:
pgp2HsyJ9NRQ5.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
