Closed Bug 754294 Opened 12 years ago Closed 9 years ago

Automate signing of hotfix XPIs

Categories

(Release Engineering :: General, defect, P3)

Product:
Release Engineering
Component:
General
Platform:
x86
Linux
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: coop, Unassigned)

References

Details

(Whiteboard: [signing][xpi]) 

The security team would like us to get rid of keymaster, but we still rely on keymaster to sign Thunderbird releases (bug 730328) and hotfix XPIs.

We should find a way to automate the signing of hotfix XPIs using the new linux signing servers, possibly by using some kind of dropbox-type utility.
Depends on: 759180
Priority: -- → P3
Product: mozilla.org → Release Engineering
I'm hoping that the new AMO signing infra will start signing hotfixes...
Mossop, am I reading bug 1151537 correctly that hotfixes will be signed by the AMO infra from now? If that's the case, I think it means that there's no need for RelEng to maintain XPI signing certs.
Flags: needinfo?(dtownsend)
(In reply to Ben Hearsum [:bhearsum] from comment #2)
> Mossop, am I reading bug 1151537 correctly that hotfixes will be signed by
> the AMO infra from now? If that's the case, I think it means that there's no
> need for RelEng to maintain XPI signing certs.

That is correct yes.
Flags: needinfo?(dtownsend)
(In reply to Dave Townsend [:mossop] from comment #3)
> (In reply to Ben Hearsum [:bhearsum] from comment #2)
> > Mossop, am I reading bug 1151537 correctly that hotfixes will be signed by
> > the AMO infra from now? If that's the case, I think it means that there's no
> > need for RelEng to maintain XPI signing certs.
> 
> That is correct yes.

Thanks!
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Component: General Automation → General
You need to log in before you can comment on or make changes to this bug.