Closed
Bug 1123918
Opened 9 years ago
Closed 9 years ago
Ignore sideloaded add-ons that aren't signed (if the pref is off) or have broken signing
Categories
(Toolkit :: Add-ons Manager, defect)
Toolkit
Add-ons Manager
Tracking
()
RESOLVED
FIXED
People
(Reporter: mossop, Unassigned)
References
Details
When prompting the user about sideloaded add-ons we need to respect the signed status of the add-on. We may want to switch to the same UI being added in bug 1123914 but it is unclear how well a doorhanger works for this case.
Reporter | ||
Updated•9 years ago
|
Flags: qe-verify+
Flags: firefox-backlog+
Comment 1•9 years ago
|
||
(In reply to Dave Townsend [:mossop] from comment #0) > When prompting the user about sideloaded add-ons we need to respect the > signed status of the add-on. If it's unsigned (and the dev pref not flipped) we should just reject/ignore the add-on, no need to prompt. When we do prompt it's because we're about to install the add-on and the signature is good (in the normal case). At least initially who signed it is uninteresting because it will always be us. Things are slightly more interesting if the dev pref is enabled (signing not required) and it's an unsigned, side-loaded addon. Developers may want to know if something's unsigned in case some other add-on slips onto their development box. In the (far?) future if we issue signing certs to organizations it may be useful to distinguish Mozilla-signed (reviewed or scanned to at least some level) from others. We'll want to fix this eventually but it's not a blocker for the first iteration we ship.
Reporter | ||
Comment 2•9 years ago
|
||
(In reply to Daniel Veditz [:dveditz] from comment #1) > (In reply to Dave Townsend [:mossop] from comment #0) > > When prompting the user about sideloaded add-ons we need to respect the > > signed status of the add-on. > > If it's unsigned (and the dev pref not flipped) we should just reject/ignore > the add-on, no need to prompt. When we do prompt it's because we're about to > install the add-on and the signature is good (in the normal case). At least > initially who signed it is uninteresting because it will always be us. > > Things are slightly more interesting if the dev pref is enabled (signing not > required) and it's an unsigned, side-loaded addon. Developers may want to > know if something's unsigned in case some other add-on slips onto their > development box. In the (far?) future if we issue signing certs to > organizations it may be useful to distinguish Mozilla-signed (reviewed or > scanned to at least some level) from others. > > We'll want to fix this eventually but it's not a blocker for the first > iteration we ship.
Summary: Support signing info for the installation UI for sideloaded add-ons → Ignore sideloaded add-ons that aren't signed (if the pref is off) or have broken signing
Reporter | ||
Comment 3•9 years ago
|
||
[Tracking Requested - why for this release]: First two stages of add-ons signing work are targeted at Firefox 39.
tracking-firefox39:
--- → ?
Updated•9 years ago
|
tracking-firefox39:
? → ---
Reporter | ||
Comment 4•9 years ago
|
||
Fixed by bug 1038068 (for packed add-ons only until bug 1038072 is fixed)
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•