Closed Bug 1047270 Opened 5 years ago Closed 5 years ago
Sign all existing addons
we may simply be able to re-use the mechanism developed for bug 1047261, but somehow we have to process all existing add-ons and sign every one that is compatible with current versions of Firefox. Open question whether we need to sign old versions or if we can get away with signing only the most recent of each. If we don't sign them they could only be used in "developer" versions of Firefox which might be good enough.
I think we can do without signing the old versions. On the other hand, if it doesn't make the process much more difficult or slow, it should be fine to sign all reviewed add-on versions.
I would actually greatly prefer old addon versions not be touched, and I'm sure there are at least a few other addon developers that would agree. I'd actually vote against signing existing addon files and require new submissions for signing, but limiting auto-signing to current reviewed versions seems fine if this route is taken.
I think that we should be signing all current versions. It may be tricky from an infra perspective, though, since our current CDN storage scheme would not allow us to give the files different names without also bumping the version number, and the CDNs do not react well to us changing file contents without also changing the file name. We would also need to bump the version number to allow the add-on manager to pull updates to signed versions. Bumping the version number would be feasible for the latest version. It would not be feasible for older versions.
(In reply to Kris Maglione [:kmag] from comment #3) > Bumping the version number would be feasible for the latest version. It > would not be feasible for older versions. Bumping the version numbers could still be dangerous for any versions. Some addons use/check their version number for various reasons, first-run pages and migrations being the prime example. There's also a wide variety of versioning schemes within the valid format range, so auto-bumping all addons' versions could be dangerous.
I'm not especially concerned about that. We've done mass repacks with version number bumps in the past. We can also send out a warning email to authors who haven't updated since signing was implemented that their add-ons will be auto-signed if they don't update them. As for the versioning schemes, we would add a .1 component to whatever the existing version rather than incrementing an existing component where that's an option. For the other cases, we'll probably be forced to increment something.
We can flush CDNs so modifying existing add-ons shouldn't be a problem. Doing that won't update add-ons currently installed on clients (ie. they won't see updates since the versions don't change), but would send signed add-ons to anyone downloading add-ons. I'm going to close this as a duplicate of the implementation bug for signing all add-ons. Please see https://wiki.mozilla.org/AMO/SigningService for the current plan and bugs.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1070227
The CDN issue is only one part of the problem. We definitely need to push updates to existing users so that their installed versions don't get disabled.
Ok, I've added that as an open question to that wiki page. Let's talk about it next week. Also, if there are other requirements like that please make a list so we don't have surprises in the implementation.
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.