#26553: Sign our own extensions in Tor Browser -------------------------------------------------+------------------------- Reporter: gk | Owner: tbb- | team Type: defect | Status: new Priority: High | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: ff60-esr, tbb-security, | Actual Points: GeorgKoppen201808, TorBrowserTeam201808 | Parent ID: | Points: Reviewer: | Sponsor: -------------------------------------------------+-------------------------
Comment (by intrigeri): We at Tails currently patch the add-on signature checking code (on top of your current patch that adds a whitelist with `if (aAddon.id == […]` aka. 0714762d25415271191503903a9f2fb0627ca38d on the tor- browser-60.1.0esr-8.0-1 branch) to add uBlock to the list. We've discussed this on the https://lists.torproject.org/pipermail/tbb- dev/2017-April/000515.html thread, where it seems that we (TBB team + Tails) reached a tentative agreement to move the whitelist to a pref. But so far we failed to write the corresponding code, sorry! FTR on Tails' side this is tracked on https://labs.riseup.net/code/issues/12571. It would be extremely helpful if the resolution for this ticket made things better for us (e.g. keep that patch and create a pref with the list of allowed unsigned add-ons, empty by default for TBB, where we would add uBlock) instead of worse. Things would get worse for us if the code that adds a whitelist with `if (aAddon.id == […]` was fully removed: then we would need to carry it as part of Tails delta, which is quite ugly and painful. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26553#comment:7> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs