Closed Bug 1217959 Opened 4 years ago Closed 4 years ago
Need to use a 'permitted-list' for handling certificates when opening signed packages for reviewers
The path used for the resolution of bug 1213919 seems to be incorrect. In https://mxr.mozilla.org/mozilla-central/source/dom/apps/Webapps.jsm#3726, the reviewer certs are associated with the root "/reviewers/" which is true for webapps, but not for add-ons. This is currently blocking reviewer approval of submitted add-ons for 2.5. Fabrice suggested a permitted list instead of additional hard-coding. The whitelist to pick reviewer certs in Gecko seems wrong: https://dxr.mozilla.org/mozilla-central/source/b2g/app/b2g.js#1071 https://dxr.mozilla.org/mozilla-central/source/dom/apps/Webapps.jsm#3746 Instead of whitelisting "/reviewers/,/content/addon/review/" it should whitelist "/reviewers/,/extension/reviewers/", since it's the manifest that needs to be whitelisted, not the install origin.
blocking-b2g: --- → 2.5+
feature-b2g: --- → 2.5+
Hey Fabrice, any ideas on who's team this would need help from?
If the only change is to update the pref to "/reviewers/,/extension/reviewers/" that's a totally trivial change.
Is this bug not the same as Bug 1213919 ?
It's a fix on 1213919.
You need to log in before you can comment on or make changes to this bug.