[HTTPS-Everywhere] Firefox to require extensions be signed by addons.mozilla.org
Claudio Moretti
flyingstar16 at gmail.com
Sat Feb 14 04:37:31 PST 2015
On Tue, Feb 10, 2015 at 11:23 PM, Ronnie <mrwislr at riseup.net> wrote:
> Then this will kill converting firefox extensions to work with Seamonkey.
>
Not yet :)
Signature verification will be limited to Firefox, and there are no plans
> to implement this in Thunderbird or SeaMonkey at the moment.
>
@Jacob, regarding the signature verification, Yan opened
https://bugzilla.mozilla.org/show_bug.cgi?id=999014
which got closed as RESOLVED WONTFIX. Three days ago, Jesse Ruderman
pitched this idea:
Could you allow the extension to say "updates must be signed by both
> Mozilla and EFF"? Then you don't have to make an exception to the "updates
> must be signed by Mozilla" rule, and EFF's addons can have the additional
> security that comes from their separate airgapped infrastructure.
And I agree with Yan in saying that it would fulfill our use case. Do you
believe we have a way of pushing this? (which, as of now, it's not even
being looked at)
Claudio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/https-everywhere/attachments/20150214/048a40c5/attachment.html>
More information about the HTTPS-Everywhere
mailing list