Closed Bug 1004571 Opened 5 years ago Closed 5 years ago

support add-on hot fixes

Categories

(Firefox for Android :: General, defect)

All
Android
defect
Not set

Tracking

()

RESOLVED FIXED
Firefox 33
Tracking Status
firefox32 --- fixed
firefox33 --- fixed
fennec 32+ ---

People

(Reporter: blassey, Assigned: wesj)

Details

Attachments

(1 file)

No description provided.
OS: Mac OS X → Android
Hardware: x86 → All
tracking-fennec: ? → 32+
OS: Android → Mac OS X
Hardware: All → x86
OS: Mac OS X → Android
Hardware: x86 → All
Assignee: nobody → wjohnston
Attached patch PatchSplinter Review
Attachment #8430345 - Flags: review?(standard8)
I think this is all we'd really need (based on bug 914225), but I need to test it locally. I think we (like TB) can probably use the same cert Desktop is using eventually. I wonder if there's a better way to keep the fingerprints in sync.
Comment on attachment 8430345 [details] [diff] [review]
Patch

Not sure I can officially review here, but it looks good to me.
Attachment #8430345 - Flags: review?(standard8) → feedback+
(In reply to Wesley Johnston (:wesj) from comment #4)
> https://hg.mozilla.org/integration/fx-team/rev/c14df983ff08
> 
> Do we want to uplift this?

Yes. Aurora should be fine. If it's really safe, then Beta too. Hotfix add-ons give us a way to tweak releases, so sooner this is released the better.
https://hg.mozilla.org/mozilla-central/rev/c14df983ff08
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 33
Comment on attachment 8430345 [details] [diff] [review]
Patch

[Approval Request Comment]
Bug caused by (feature/regressing bug #): Not a regression
User impact if declined: We can't send hotfixes
Testing completed (on m-c, etc.): This is on nightly now, but hasn't been used yet. Its the exact same code (and even the same signing key) desktop uses though. It would give us a nice non-chem-spill option a little quicker to uplift it.
Risk to taking this patch (and alternatives if risky): If the security key was ever compromised, hotfixes could be used to do some awful stuff. The exact same risk exists on desktop right now. 
String or IDL/UUID changes made by this patch: none.
Attachment #8430345 - Flags: approval-mozilla-aurora?
Attachment #8430345 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
You need to log in before you can comment on or make changes to this bug.