Replacing my cc with one for :oremj, who wrote and committed what appears to be the majority of the SHA1 code for bouncer. Note that one *possible* outcome for this bug is that we already minimize the number of people we send to the downlevel version, for reasons not yet made apparent here.
Would this affect Server 2008 as well?
(In reply to Ben Hearsum (:bhearsum) from comment #2) > Would this affect Server 2008 as well? Good catch: yes, it does, which means that users of Server 2008 without the relevant update cannot currently run the installer they get when clicking on the download button on https://www.mozilla.org/firefox/new/. The main use case I can think of for this would be for admins of windows terminal services, which are hopefully up to date with the security upgrades needed to run the SHA-256 signed installer they're currently getting, but it may be worth investigating.  https://support.microsoft.com/en-us/kb/2763674
You need to log in before you can comment on or make changes to this bug.