Closed Bug 1141068 Opened 10 years ago Closed 10 years ago

bogus File.can_be_signed method returns True for each xpi file

Tracking

(Not tracked)

Status:

RESOLVED FIXED

Milestone:

2015-04

People

(Reporter: magopian, Assigned: magopian)

Details

(Whiteboard: [qa-])

Mathieu Agopian [:magopian]

Assignee

Description

•

10 years ago

We only want to sign extensions, not all the files that have a ".xpi" extension. For example, complete themes also use the ".xpi" extension, but shouldn't be signed. STR: 1/ submit a complete theme 2/ grant it a review (full or preliminary) 3/ download the file, unzip it 4/ verify that it's signed (but it shouldn't): there's the three files zigbert.sf, zigbert.rsa and manifest.mf in the META-INF folder

Mathieu Agopian [:magopian]

Assignee

Comment 1

•

10 years ago

PR: https://github.com/mozilla/olympia/pull/471

Assignee: nobody → mathieu

Mathieu Agopian [:magopian]

Assignee

Comment 2

•

10 years ago

Fixed in https://github.com/mozilla/olympia/commit/2845a406ae393a4c14a7c71dc82fe6ccafdc2294

Status: NEW → RESOLVED

Closed: 10 years ago

Resolution: --- → FIXED

Mathieu Agopian [:magopian]

Assignee

Updated

•

10 years ago

Whiteboard: [qa-]

Nobody; OK to take it and work on it

Updated

•

9 years ago

Product: addons.mozilla.org → addons.mozilla.org Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

bogus File.can_be_signed method returns True for each xpi file

Categories

(addons.mozilla.org Graveyard :: Admin/Editor Tools, defect)

Tracking

(Not tracked)

People

(Reporter: magopian, Assigned: magopian)

References

Details

(Whiteboard: [qa-])

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Updated

Updated