[Bug 1532484] [NEW] Don't warn about unsigned extension installed via Debian packages

Benjamin Drung bdrung at posteo.de
Sat Jan 9 21:23:33 UTC 2016


Public bug reported:

"Mozilla is in the progress of requiring extensions to be signed, which I think is a good thing.  However, for Debian packages we
already have it signed by the Developer uploading it, I see no need to have Mozilla also sign it.  I suggest we don't warn / disable about extensions installed on the system, but do require the signature for those that are installed by browser itself." [1]

Shipping signed extensions in Debian packages is no options, because
then we could only ship unmodified, pre-build extensions. That
contradicts the Debian Free Software Guidelines (DFSG) #3 and signed
extensions are not the preferred source for modification.

So, please allow unsigned extensions installed in the system directory.
Debian already applied a patch for it (see Debian bug #800150). Everyone
having write access to the system directory would probably also have
access to the files of Firefox and could tinker with it.

This severity of this bug will raise when Mozilla will reject unsigned
extensions (planned for Firefox 44).

[1] https://bugs.debian.org/800150

** Affects: firefox (Ubuntu)
     Importance: High
         Status: New

** Affects: iceweasel (Debian)
     Importance: Unknown
         Status: Unknown

** Changed in: firefox (Ubuntu)
   Importance: Undecided => High

** Bug watch added: Debian Bug tracker #800150
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800150

** Also affects: iceweasel (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800150
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to firefox in Ubuntu.
https://bugs.launchpad.net/bugs/1532484

Title:
  Don't warn about unsigned extension installed via Debian packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/1532484/+subscriptions



More information about the Ubuntu-mozillateam-bugs mailing list