Closed
Bug 1070192
Opened 10 years ago
Closed 9 years ago
Add documentation around add-on signing to MDN
Categories
(addons.mozilla.org Graveyard :: Code Quality, defect, P2)
addons.mozilla.org Graveyard
Code Quality
Tracking
(Not tracked)
RESOLVED
FIXED
44.2
People
(Reporter: clouserw, Assigned: jorgev)
References
Details
(Whiteboard: [qa-])
We should add documentation around add-on signing to MDN. Off the top of my head, this should include:
* Policies around signing
* Expectations for self-hosting (namely, you would host after we sign it, you wouldn't download a key from us and sign it yourself)
* What the meta-inf directory is doing in your add-on .zip. What happens if you change it or it already exists when you upload.
* Blocklisting changes
There are probably more.
Tentatively assigning to Jorge, because I don't know who else would own this.
|
Assignee | |
Comment 1•9 years ago
|
||
Most of this is covered here: https://developer.mozilla.org/en-US/Add-ons/Distribution, but there are still a few things missing.
|
||
Comment 2•9 years ago
|
||
Anything we can do to help on the missing bits?
|
||
Comment 3•9 years ago
|
||
Things that are missing from the docs:
- switching unlisted/listed: https://bugzilla.mozilla.org/show_bug.cgi?id=1172696#c26 (the part explaining that an add-on can switch needs to be modified)
- multi-package XPIs aren't signed, but their inner extensions needs to be: https://bugzilla.mozilla.org/show_bug.cgi?id=1184008#c11
- an entry about what can be auto-validated:
- only unlisted add-ons that aren't sideloaded
- if they don't have warnings with signing severity attached higher than trivial)
- if they do have any of those, they'll need a first manual review, and the reviewer might flag some of those warnings as ignorable for future updates
- the part explaining that beta versions are only signed if they pass auto validation isn't correct anymore (all beta versions are automatically signed)
|
|
Assignee | |
Comment 4•9 years ago
|
||
The first and part of the third point are now addressed in https://developer.mozilla.org/en-US/Add-ons/Distribution. The remaining bits are too edge-casy to try to explain in detail to someone looking for general information, IMO.
The second point is now addressed here: https://developer.mozilla.org/en-US/docs/Multiple_Item_Packaging#Signing
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → 44.2
|
|
Assignee | |
Comment 5•9 years ago
|
||
I was referring to comment #3, not comment #0, by the way.
|
|
Assignee | |
Updated•9 years ago
|
Whiteboard: [qa-]
|
||
Updated•9 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•