Signing severity is stripped from validator messages in internal JARs.

RESOLVED FIXED

Status

--
critical
RESOLVED FIXED
4 years ago
3 years ago

People

(Reporter: kmag, Assigned: kmag)

Tracking

Details

(Assignee)

Description

4 years ago
Due to the way messages are propagated from internal JAR files to the top-level XPI, the `signing_severity` field is stripped out, and the warnings do not prevent the add-on from being signed.
(Assignee)

Comment 1

4 years ago
Correction: The messages are still counted in the `signing_summary`, so they should still prevent validation. But the signing severity is not shown in the validator output, which is still likely to cause problems.
Fixed in https://github.com/mozilla/amo-validator/commit/00d920eb046792b4403b001e77b129ca58b51ef8

Thanks Kris!
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
(Assignee)

Updated

4 years ago
Group: addons-security
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.