On Wed, Aug 26, 2015 at 05:53:36PM +0200, drago01 wrote: > On Wed, Aug 26, 2015 at 3:13 PM, Richard Z <r...@linux-m68k.org> wrote: > > On Wed, Aug 26, 2015 at 03:12:25PM +0300, Alexander Ploumistos wrote: > >> Their FAQ is constantly updated: > >> > >> https://wiki.mozilla.org/Addons/Extension_Signing#FAQ > >> > >> I'm not sure if there is a valid practical reason to refuse submitting the > >> addons that we ship to their signing service or if it is against our > >> policies; at least mozilla-https-everywhere has been signed. > > > > that would work for Fedora - if it can be guaranteed that they sign new > > versions quickly. Immagine if one of our plugins had a security hole and > > mozilla would need days or weeks to sign it. As far as I can see Fedora > > specific extensions would have to be listed which means they would go > > through manual code review at mozilla. > > > >> Mozilla states that they will be offering an unbranded binary (en_US only) > >> for development and testing purposes. > > > > For me this appears the only possibility and I suspect there are more > > Fedora users like me maintaining their own Firefox extensions. > > > > So will we get a firefox-unbranded package? > > A better solution would be to add a mechanism that allows you to use > your own signing keys.
which would be possible only with firefox-unbranded unless some wonder happens. > That way you have both 1) install self built extensions and 2) the > added security. might be a security gain for some people but not for me. Richard -- Name and OpenPGP keys available from pgp key servers -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
