[HTTPS-Everywhere] New release: 5.1.1 (AMO signature temporarily gone again)
Alexander Buchner
alexander.buchner at posteo.de
Thu Aug 27 01:38:24 PDT 2015
On 27.08.2015 02:41, Jacob Hoffman-Andrews wrote:
> Hi all,
>
> I rolled a new release, 5.1.1. This release contains mostly ruleset
> updates. The main reason I wanted to roll a new release so soon after
> 5.1.0 was to test our release and updating mechanisms after the change
> in updateURL that shipped in 5.1.0. Changing the id and filename of the
> extension caused a surprising number of knock-on effects in our build
> system!
>
> So, the good news 5.1.1 is released and your browser should auto-update.
> The bad news is that Firefox once again treats it as unsigned, even
> though the XPI includes the META-INF/ files that comprise the signature.
> We release our self-hosted version in a somewhat unusual way. Rather
> than just using the signed XPI we receive from AMO, we extract the
> signature components (three files under META-INF/), check them into the
> HTTPS Everywhere repository, tag the commit, and build from there. This
> allows us to have reproducible builds: in theory anyone checking out the
> same tag, and using the same versions of the same tools (esp. sqlite),
> will get a byte-for-byte equal version of the extension. Unfortunately
> in this case something seems to have gone wrong. I'm investigating why
> at the moment, and there should be another release soon.
>
> Thanks,
> Jacob
Is this update also coming to Chrome?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20150827/f869a1be/attachment.sig>
More information about the HTTPS-Everywhere
mailing list