Add documentation around add-on signing to MDN

RESOLVED FIXED in 44.2

Status

P2
normal
RESOLVED FIXED
4 years ago
3 years ago

People

(Reporter: clouserw, Assigned: jorgev)

Tracking

unspecified
44.2

Details

(Whiteboard: [qa-])

(Reporter)

Description

4 years ago
We should add documentation around add-on signing to MDN.  Off the top of my head, this should include:

* Policies around signing
* Expectations for self-hosting (namely, you would host after we sign it, you wouldn't download a key from us and sign it yourself)
* What the meta-inf directory is doing in your add-on .zip.  What happens if you change it or it already exists when you upload.
* Blocklisting changes

There are probably more.

Tentatively assigning to Jorge, because I don't know who else would own this.
(Assignee)

Comment 1

3 years ago
Most of this is covered here: https://developer.mozilla.org/en-US/Add-ons/Distribution, but there are still a few things missing.

Comment 2

3 years ago
Anything we can do to help on the missing bits?
Things that are missing from the docs: 
- switching unlisted/listed: https://bugzilla.mozilla.org/show_bug.cgi?id=1172696#c26 (the part explaining that an add-on can switch needs to be modified)
- multi-package XPIs aren't signed, but their inner extensions needs to be: https://bugzilla.mozilla.org/show_bug.cgi?id=1184008#c11
- an entry about what can be auto-validated:
   - only unlisted add-ons that aren't sideloaded
   - if they don't have warnings with signing severity attached higher than trivial)
   - if they do have any of those, they'll need a first manual review, and the reviewer might flag some of those warnings as ignorable for future updates
   - the part explaining that beta versions are only signed if they pass auto validation isn't correct anymore (all beta versions are automatically signed)
(Assignee)

Comment 4

3 years ago
The first and part of the third point are now addressed in https://developer.mozilla.org/en-US/Add-ons/Distribution. The remaining bits are too edge-casy to try to explain in detail to someone looking for general information, IMO.

The second point is now addressed here: https://developer.mozilla.org/en-US/docs/Multiple_Item_Packaging#Signing
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 44.2
(Assignee)

Comment 5

3 years ago
I was referring to comment #3, not comment #0, by the way.
(Assignee)

Updated

3 years ago
Whiteboard: [qa-]
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.