(Hidden by Administrator)
Bug 1267318 Comment 14 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Dana Keeler [:keeler] (use needinfo?) from comment #13) > This is a fragile solution, but I guess that's where we are right now. Also, > this would benefit from tests. The tests turned off in bug 1267012 will cover this once we re-enable them. > > + // on the signing systems. We also have a revocation mechanism if we > > Unfortunately, for app signature verification we don't do revocation > checking - AppTrustDomain::CheckRevocation and ::IsChainValid (i.e. the > functions that would be doing the revocation checking) don't do anything. Technically true, but the blocklist is effectively revocation. At least for add-ons--doesn't help Marketplace Apps which presumably suffer the same issue.