On 08/28/2015 11:00 AM, Alexander Ploumistos wrote:
On Fri, Aug 28, 2015 at 10:18 AM, Martin Stransky <stransky@xxxxxxxxxx> wrote:
Can we ship addons which are already signed by Mozilla? Or does Fedora
packager modify them somehow?
It seems that even when the source is an xpi file, rpm treats it like
any other source package and its contents can be patched. I don't know
how that works, because signed addons contain a manifest file with md5
and sha1 checksums for all included files and I would expect that
modifications to any of them would cause the addon to get disabled.
Obviously we need input from a packager involved with the process.
Asking legal couldn't hurt either.
Thanks for the info. Actually is there any reason why Fedora packager
would need to modify the original extension?
ma.
I think that these are all the addons that we ship and must be signed
(dictionaries, themes and plugins are exempt from the signing
process):
http://pkgs.fedoraproject.org/cgit/firefox-esteidpkcs11loader.git/
http://pkgs.fedoraproject.org/cgit/mozilla-adblockplus.git/
http://pkgs.fedoraproject.org/cgit/mozilla-https-everywhere.git/
http://pkgs.fedoraproject.org/cgit/mozilla-noscript.git/
http://pkgs.fedoraproject.org/cgit/mozilla-requestpolicy.git/
http://pkgs.fedoraproject.org/cgit/spice-xpi.git/
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
