[Bug 1532484] [NEW] Don't warn about unsigned extension installed via Debian packages
Benjamin Drung
bdrung at posteo.de
Sat Jan 9 21:23:33 UTC 2016
Public bug reported:
"Mozilla is in the progress of requiring extensions to be signed, which I think is a good thing. However, for Debian packages we
already have it signed by the Developer uploading it, I see no need to have Mozilla also sign it. I suggest we don't warn / disable about extensions installed on the system, but do require the signature for those that are installed by browser itself." [1]
Shipping signed extensions in Debian packages is not an option, because
then we could only ship unmodified, pre-built extensions. That
contradicts the Debian Free Software Guidelines (DFSG) #3, and signed
extensions are not the preferred source for modification.
So, please allow unsigned extensions installed in the system directory.
Debian already applied a patch for it (see Debian bug #800150). Everyone
having write access to the system directory would probably also have
access to the files of Firefox and could tinker with it.
The severity of this bug will rise when Mozilla rejects unsigned
extensions (planned for Firefox 44).
[1] https://bugs.debian.org/800150
** Affects: firefox (Ubuntu)
Importance: High
Status: New
** Affects: iceweasel (Debian)
Importance: Unknown
Status: Unknown
** Changed in: firefox (Ubuntu)
Importance: Undecided => High
** Bug watch added: Debian Bug tracker #800150
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800150
** Also affects: iceweasel (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800150
Importance: Unknown
Status: Unknown
--
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1532484