On Friday, 28 August 2015 at 11:24, Martin Stransky wrote: > On 08/28/2015 11:00 AM, Alexander Ploumistos wrote: > >On Fri, Aug 28, 2015 at 10:18 AM, Martin Stransky <stransky@xxxxxxxxxx> wrote: > >>Can we ship addons which are already signed by Mozilla? Or does Fedora > >>packager modify them somehow? > > > >It seems that even when the source is an xpi file, rpm treats it like > >any other source package and its contents can be patched. I don't know > >how that works, because signed addons contain a manifest file with md5 > >and sha1 checksums for all included files and I would expect that > >modifications to any of them would cause the addon to get disabled. > >Obviously we need input from a packager involved with the process. > >Asking legal couldn't hurt either. > > Thanks for the info. Actually is there any reason why Fedora packager would > need to modify the original extension? Yes. Bundled JavaScript libraries are one example. Fedora-specific preferences would be another. Regards, Dominik -- Fedora http://fedoraproject.org/wiki/User:Rathann RPMFusion http://rpmfusion.org "Faith manages." -- Delenn to Lennier in Babylon 5:"Confessions and Lamentations" -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
