Closed
Bug 1217959
Opened 9 years ago
Closed 9 years ago
Need to use a 'permitted-list' for handling certificates when opening signed packages for reviewers
Categories
(Core Graveyard :: DOM: Apps, defect, P1)
Core Graveyard
DOM: Apps
Tracking
(blocking-b2g:2.5+, feature-b2g:2.5+, firefox44 fixed)
Tracking | Status | |
---|---|---|
firefox44 | --- | fixed |
People
(Reporter: ddurst, Unassigned)
References
Details
The path used for the resolution of bug 1213919 seems to be incorrect. In https://mxr.mozilla.org/mozilla-central/source/dom/apps/Webapps.jsm#3726, the reviewer certs are associated with the root "/reviewers/" which is true for webapps, but not for add-ons. This is currently blocking reviewer approval of submitted add-ons for 2.5. Fabrice suggested a permitted list instead of additional hard-coding. The whitelist to pick reviewer certs in Gecko seems wrong: https://dxr.mozilla.org/mozilla-central/source/b2g/app/b2g.js#1071 https://dxr.mozilla.org/mozilla-central/source/dom/apps/Webapps.jsm#3746 Instead of whitelisting "/reviewers/,/content/addon/review/" it should whitelist "/reviewers/,/extension/reviewers/", since it's the manifest that needs to be whitelisted, not the install origin.
Updated•9 years ago
|
blocking-b2g: --- → 2.5+
feature-b2g: --- → 2.5+
Comment 1•9 years ago
|
||
Hey Fabrice, any ideas on who's team this would need help from?
Flags: needinfo?(fabrice)
Comment 2•9 years ago
|
||
If the only change is to update the pref to "/reviewers/,/extension/reviewers/" that's a totally trivial change.
Flags: needinfo?(fabrice)
Comment 4•9 years ago
|
||
Is this bug not the same as Bug 1213919 ?
Reporter | ||
Comment 5•9 years ago
|
||
It's a fix on 1213919.
Comment 6•9 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/172b1a3f267f
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox44:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla44
Updated•9 years ago
|
Status: RESOLVED → VERIFIED
Updated•7 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•