[HTTPS-Everywhere] New release: 5.1.1 (AMO signature temporarily gone again)

Jacob Hoffman-Andrews jsha at eff.org
Wed Aug 26 18:03:54 PDT 2015 

It looks like the issue was caused by pulling in some different
translations when I built the release version after including the
META-INF files.

Because it takes about two days to get a fresh signature from Mozilla, I
decided to re-build 5.1.1 in place after correcting the issue. If your
browser did not update yet, it should auto-update to the fixed 5.1.1,
and you'll have a good AMO signature. If your browser auto-updated
during the last hour or so, you will have a good, functional copy of
HTTPS Everywhere, but Firefox will display the warning message about
signatures.

In the interests of transparency, I've saved a copy of the broken
version at https://www.eff.org/files/https-everywhere-eff-5.1.1-badsig.xpi.

On 08/26/2015 05:41 PM, Jacob Hoffman-Andrews wrote:
> Hi all,
>
> I rolled a new release, 5.1.1. This release contains mostly ruleset
> updates. The main reason I wanted to roll a new release so soon after
> 5.1.0 was to test our release and updating mechanisms after the change
> in updateURL that shipped in 5.1.0. Changing the id and filename of the
> extension caused a surprising number of knock-on effects in our build
> system!
>
> So, the good news 5.1.1 is released and your browser should auto-update.
> The bad news is that Firefox once again treats it as unsigned, even
> though the XPI includes the META-INF/ files that comprise the signature.
> We release our self-hosted version in a somewhat unusual way. Rather
> than just using the signed XPI we receive from AMO, we extract the
> signature components (three files under META-INF/), check them into the
> HTTPS Everywhere repository, tag the commit, and build from there. This
> allows us to have reproducible builds: in theory anyone checking out the
> same tag, and using the same versions of the same tools (esp. sqlite),
> will get a byte-for-byte equal version of the extension. Unfortunately
> in this case something seems to have gone wrong. I'm investigating why
> at the moment, and there should be another release soon.
>
> Thanks,
> Jacob
> _______________________________________________
> HTTPS-Everywhere mailing list
> HTTPS-Everywhere at lists.eff.org
> https://lists.eff.org/mailman/listinfo/https-everywhere

More information about the HTTPS-Everywhere mailing list