On Wed, Aug 26, 2015 at 3:13 PM, Richard Z <rz@xxxxxxxxxxxxxx> wrote: > On Wed, Aug 26, 2015 at 03:12:25PM +0300, Alexander Ploumistos wrote: >> Their FAQ is constantly updated: >> >> https://wiki.mozilla.org/Addons/Extension_Signing#FAQ >> >> I'm not sure if there is a valid practical reason to refuse submitting the >> addons that we ship to their signing service or if it is against our >> policies; at least mozilla-https-everywhere has been signed. > > that would work for Fedora - if it can be guaranteed that they sign new > versions quickly. Immagine if one of our plugins had a security hole and > mozilla would need days or weeks to sign it. As far as I can see Fedora > specific extensions would have to be listed which means they would go > through manual code review at mozilla. > >> Mozilla states that they will be offering an unbranded binary (en_US only) >> for development and testing purposes. > > For me this appears the only possibility and I suspect there are more > Fedora users like me maintaining their own Firefox extensions. > > So will we get a firefox-unbranded package? A better solution would be to add a mechanism that allows you to use your own signing keys. That way you have both 1) install self built extensions and 2) the added security. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
