desktop-packages team mailing list archive
-
desktop-packages team
-
Mailing list archive
-
Message #155686
[Bug 1532484] Re: Don't warn about unsigned extension installed via Debian packages
** Changed in: iceweasel (Debian)
Status: Unknown => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1532484
Title:
Don't warn about unsigned extension installed via Debian packages
Status in firefox package in Ubuntu:
Opinion
Status in iceweasel package in Debian:
Fix Released
Bug description:
"Mozilla is in the progress of requiring extensions to be signed, which I think is a good thing. However, for Debian packages we
already have it signed by the Developer uploading it, I see no need to have Mozilla also sign it. I suggest we don't warn / disable about extensions installed on the system, but do require the signature for those that are installed by browser itself." [1]
Shipping signed extensions in Debian packages is no options, because
then we could only ship unmodified, pre-build extensions. That
contradicts the Debian Free Software Guidelines (DFSG) #3 and signed
extensions are not the preferred source for modification.
So, please allow unsigned extensions installed in the system
directory. Debian already applied a patch for it (see Debian bug
#800150). Everyone having write access to the system directory would
probably also have access to the files of Firefox and could tinker
with it.
This severity of this bug will raise when Mozilla will reject unsigned
extensions (planned for Firefox 44).
[1] https://bugs.debian.org/800150
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1532484/+subscriptions
References