Bugzilla

(In reply to Dana Keeler [:keeler] (use needinfo?) from comment #13)
> This is a fragile solution, but I guess that's where we are right now. Also,
> this would benefit from tests.

The tests turned off in bug 1267012 will cover this once we re-enable them.

> > +    // on the signing systems. We also have a revocation mechanism if we
> 
> Unfortunately, for app signature verification we don't do revocation
> checking - AppTrustDomain::CheckRevocation and ::IsChainValid (i.e. the
> functions that would be doing the revocation checking) don't do anything.

Technically true, but the blocklist is effectively revocation. At least for add-ons--doesn't help Marketplace Apps which presumably suffer the same issue.