Closed Bug 1167652 Opened 9 years ago Closed 9 years ago

Turn on extension signing requirements by default

Categories

(Toolkit :: Add-ons Manager, defect, P1)

defect

Tracking

()

VERIFIED FIXED
mozilla42
Tracking Status
firefox40 - wontfix
firefox41 + verified
firefox42 --- verified
relnote-firefox --- 41+

People

(Reporter: mossop, Assigned: mossop)

References

Details

(Whiteboard: [hijacking][fxsearch])

Attachments

(1 file, 1 obsolete file)

The plan is to turn this on around June 15th for Firefox 40 and later versions, that means an uplift to aurora at least.
Attached patch patch (obsolete) — Splinter Review
Not planning on landing yet but might as well have the patch ready to go whenever we want.
Assignee: nobody → dtownsend
Status: NEW → ASSIGNED
Attachment #8613559 - Flags: review?(dveditz)
Looks good for Firefox, but I thought we were not going to require signing on mobile at this point. Larissa, what's the plan for Fennec?
Flags: needinfo?(lshapiro)
The plan changed recently and we're getting it for android too, see bug 1168570 and dependencies
yes, we're doing this for android as discussed.
Comment on attachment 8613559 [details] [diff] [review]
patch

r=dveditz
Attachment #8613559 - Flags: review?(dveditz) → review+
Flags: qe-verify+
Flags: needinfo?(lshapiro)
Flags: firefox-backlog+
Whiteboard: [hijacking][fxsearch]
Rank: 9
Priority: -- → P1
We're no longer tracking this for Firefox 40.
Attached patch patchSplinter Review
I only landed the pref change for Firefox not mobile since AMO hasn't yet enabled signing for mobile only add-ons.
Attachment #8613559 - Attachment is obsolete: true
Attachment #8641751 - Flags: review+
Comment on attachment 8641751 [details] [diff] [review]
patch

Per the signed add-ons meeting we want to enable this on aurora and hopefully have the ride to beta at the next merge.

Approval Request Comment
[Feature/regressing bug #]: Signed add-ons
[User impact if declined]: Users will be able to use unsigned add-ons by default
[Describe test coverage new/current, TreeHerder]: Automated tests for signed add-ons have been in nightly for a couple of months
[Risks and why]: This will disable add-ons not hosted on AMO that have yet to be signed
[String/UUID change made/needed]: None
Attachment #8641751 - Flags: approval-mozilla-aurora?
https://hg.mozilla.org/mozilla-central/rev/cb1cfa8cff27
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
Comment on attachment 8641751 [details] [diff] [review]
patch

Let's turn on Add-ons signing to required by default in Aurora. End-users can pref-off if they'd like.
Attachment #8641751 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Dave, do you think this is something we need to add to FF41 release notes? If yes, please nominate by setting relnote-firefox -> "?" and filling out suggested wording, etc. Thanks!
Flags: needinfo?(dtownsend)
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #14)
> https://hg.mozilla.org/releases/mozilla-aurora/rev/2ea47c7ed4e3

I think yes but I'm going to defer to Kev on wording.

Release Note Request (optional, but appreciated)
[Why is this notable]: Some user's add-ons will be disabled by default
[Suggested wording]: Add-ons that haven't been verified by Mozilla will be disabled by default.
[Links (documentation, blog post, etc)]: https://support.mozilla.org/en-US/kb/add-ons-signing-firefox?as=u&utm_source=inproduct
relnote-firefox: --- → ?
Flags: needinfo?(dtownsend) → needinfo?(kev)
Depends on: 1190834
Like Dave's wording, would also add link to how to pref it off.

Release Note Request (optional, but appreciated)
[Why is this notable]: Some user's add-ons will be disabled by default
[Suggested wording]: Type 2 Add-ons (Extensions) that have not been verified by Mozilla will be disabled by default. Users can re-enable unverified addons by setting xpinstall.signatures.required to "false". Future versions of Firefox will remove this preference.
[Links (documentation, blog post, etc)]: https://support.mozilla.org/en-US/kb/add-ons-signing-firefox?as=u&utm_source=inproduct
Flags: needinfo?(kev)
The "Target Milestone" says 42 while the tracking flags says 41. Which one if the correct one? Thanks
Flags: needinfo?(dtownsend)
(In reply to Sylvestre Ledru [:sylvestre] from comment #17)
> The "Target Milestone" says 42 while the tracking flags says 41. Which one
> if the correct one? Thanks

It landed in Nightly 42 and was uplifted to 41, so the target milestone is correct unless we've changed what that means
Flags: needinfo?(dtownsend)
Added relnote to FF41 in nucleus. I've trimmed the suggested wording as release notes are typically one-liners with links for further reading.
Pref xpinstall.signatures.required is set to true by default in Firefox 42.0a2 (2015-08-20) and Firefox 41 beta 3 (20150820142145). Verified fixed under Ubuntu 14.04 32-bit, Windows 7 64-bit and Mac OS X 10.10.4.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: