[HTTPS-Everywhere] New release: 5.1.1 (AMO signature temporarily gone again)
Jacob Hoffman-Andrews
jsha at eff.org
Wed Aug 26 17:41:25 PDT 2015
Hi all,
I rolled a new release, 5.1.1. This release contains mostly ruleset
updates. The main reason I wanted to roll a new release so soon after
5.1.0 was to test our release and updating mechanisms after the change
in updateURL that shipped in 5.1.0. Changing the id and filename of the
extension caused a surprising number of knock-on effects in our build
system!
So, the good news 5.1.1 is released and your browser should auto-update.
The bad news is that Firefox once again treats it as unsigned, even
though the XPI includes the META-INF/ files that comprise the signature.
We release our self-hosted version in a somewhat unusual way. Rather
than just using the signed XPI we receive from AMO, we extract the
signature components (three files under META-INF/), check them into the
HTTPS Everywhere repository, tag the commit, and build from there. This
allows us to have reproducible builds: in theory anyone checking out the
same tag, and using the same versions of the same tools (esp. sqlite),
will get a byte-for-byte equal version of the extension. Unfortunately
in this case something seems to have gone wrong. I'm investigating why
at the moment, and there should be another release soon.
Thanks,
Jacob
More information about the HTTPS-Everywhere
mailing list