Closed
Bug 1167652
Opened 9 years ago
Closed 9 years ago
Turn on extension signing requirements by default
Categories
(Toolkit :: Add-ons Manager, defect, P1)
Toolkit
Add-ons Manager
Tracking
()
VERIFIED
FIXED
mozilla42
People
(Reporter: mossop, Assigned: mossop)
References
Details
(Whiteboard: [hijacking][fxsearch])
Attachments
(1 file, 1 obsolete file)
1.52 KB,
patch
|
mossop
:
review+
ritu
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
The plan is to turn this on around June 15th for Firefox 40 and later versions, that means an uplift to aurora at least.
Assignee | ||
Comment 1•9 years ago
|
||
Not planning on landing yet but might as well have the patch ready to go whenever we want.
Comment 2•9 years ago
|
||
Looks good for Firefox, but I thought we were not going to require signing on mobile at this point. Larissa, what's the plan for Fennec?
Flags: needinfo?(lshapiro)
Assignee | ||
Comment 3•9 years ago
|
||
The plan changed recently and we're getting it for android too, see bug 1168570 and dependencies
Comment 4•9 years ago
|
||
yes, we're doing this for android as discussed.
Comment 5•9 years ago
|
||
Comment on attachment 8613559 [details] [diff] [review] patch r=dveditz
Attachment #8613559 -
Flags: review?(dveditz) → review+
Assignee | ||
Updated•9 years ago
|
Flags: qe-verify+
Flags: needinfo?(lshapiro)
Flags: firefox-backlog+
Whiteboard: [hijacking][fxsearch]
Updated•9 years ago
|
Rank: 9
Priority: -- → P1
Assignee | ||
Comment 6•9 years ago
|
||
We're no longer tracking this for Firefox 40.
Assignee | ||
Comment 8•9 years ago
|
||
I only landed the pref change for Firefox not mobile since AMO hasn't yet enabled signing for mobile only add-ons.
Attachment #8613559 -
Attachment is obsolete: true
Attachment #8641751 -
Flags: review+
Assignee | ||
Comment 9•9 years ago
|
||
Comment on attachment 8641751 [details] [diff] [review] patch Per the signed add-ons meeting we want to enable this on aurora and hopefully have the ride to beta at the next merge. Approval Request Comment [Feature/regressing bug #]: Signed add-ons [User impact if declined]: Users will be able to use unsigned add-ons by default [Describe test coverage new/current, TreeHerder]: Automated tests for signed add-ons have been in nightly for a couple of months [Risks and why]: This will disable add-ons not hosted on AMO that have yet to be signed [String/UUID change made/needed]: None
Attachment #8641751 -
Flags: approval-mozilla-aurora?
Comment 10•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/cb1cfa8cff27
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox42:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
Comment on attachment 8641751 [details] [diff] [review] patch Let's turn on Add-ons signing to required by default in Aurora. End-users can pref-off if they'd like.
Attachment #8641751 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Tracked for FF41.
tracking-firefox41:
--- → +
Dave, do you think this is something we need to add to FF41 release notes? If yes, please nominate by setting relnote-firefox -> "?" and filling out suggested wording, etc. Thanks!
Flags: needinfo?(dtownsend)
Assignee | ||
Comment 15•9 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #14) > https://hg.mozilla.org/releases/mozilla-aurora/rev/2ea47c7ed4e3 I think yes but I'm going to defer to Kev on wording. Release Note Request (optional, but appreciated) [Why is this notable]: Some user's add-ons will be disabled by default [Suggested wording]: Add-ons that haven't been verified by Mozilla will be disabled by default. [Links (documentation, blog post, etc)]: https://support.mozilla.org/en-US/kb/add-ons-signing-firefox?as=u&utm_source=inproduct
relnote-firefox:
--- → ?
Flags: needinfo?(dtownsend) → needinfo?(kev)
Comment 16•9 years ago
|
||
Like Dave's wording, would also add link to how to pref it off. Release Note Request (optional, but appreciated) [Why is this notable]: Some user's add-ons will be disabled by default [Suggested wording]: Type 2 Add-ons (Extensions) that have not been verified by Mozilla will be disabled by default. Users can re-enable unverified addons by setting xpinstall.signatures.required to "false". Future versions of Firefox will remove this preference. [Links (documentation, blog post, etc)]: https://support.mozilla.org/en-US/kb/add-ons-signing-firefox?as=u&utm_source=inproduct
Flags: needinfo?(kev)
Comment 17•9 years ago
|
||
The "Target Milestone" says 42 while the tracking flags says 41. Which one if the correct one? Thanks
Flags: needinfo?(dtownsend)
Assignee | ||
Comment 18•9 years ago
|
||
(In reply to Sylvestre Ledru [:sylvestre] from comment #17) > The "Target Milestone" says 42 while the tracking flags says 41. Which one > if the correct one? Thanks It landed in Nightly 42 and was uplifted to 41, so the target milestone is correct unless we've changed what that means
Flags: needinfo?(dtownsend)
Added relnote to FF41 in nucleus. I've trimmed the suggested wording as release notes are typically one-liners with links for further reading.
Comment 20•9 years ago
|
||
Pref xpinstall.signatures.required is set to true by default in Firefox 42.0a2 (2015-08-20) and Firefox 41 beta 3 (20150820142145). Verified fixed under Ubuntu 14.04 32-bit, Windows 7 64-bit and Mac OS X 10.10.4.
You need to log in
before you can comment on or make changes to this bug.
Description
•