Closed Bug 1109323 Opened 10 years ago Closed 10 years ago

Firefox for Android releases are not GPG-signed

Categories

(Release Engineering :: Release Automation, defect)

x86_64
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 661878

People

(Reporter: bugzilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0 Build ID: 20141127110442 Steps to reproduce: Visit https://ftp.mozilla.org/pub/mozilla.org/mobile/releases/34.0/. Actual results: No SHA512SUMS / SHA512SUMS.asc is present. Expected results: There should be SHA512SUMS / SHA512SUMS.asc files so users can verify downloaded APKs using GPG.
Coop is this a dupe of bug 661878? We don't want users on the ftp builds. They don't have an update mechanism, we suggest f-droid as a place to get the app for people who want to avoid Google. https://f-droid.org/repository/browse/?fdfilter=firefox&fdid=org.mozilla.firefox
Component: General → Release Automation
Flags: needinfo?(coop)
Product: Firefox for Android → Release Engineering
QA Contact: bhearsum
Version: Firefox 34 → unspecified
(In reply to Kevin Brosnan [:kbrosnan] from comment #1) > Coop is this a dupe of bug 661878? Duped. > We don't want users on the ftp builds. They don't have an update mechanism, > we suggest f-droid as a place to get the app for people who want to avoid > Google. > https://f-droid.org/repository/browse/?fdfilter=firefox&fdid=org.mozilla. > firefox We want a signature internally to verify downloads as well, so I don't think there's any harm in providing the signature if we aren't going to hide the builds.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Flags: needinfo?(coop)
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.