bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

Consider providing a public signing API for Firefox OS apps



2 years ago
2 years ago


(Reporter: Michael Müller, Unassigned)





2 years ago
Since Marketplace no longer accepts updates or new apps, it is impossible to publish privileged apps. While for unprivileged apps (both hosted and packaged) it is possible to host them elsewhere and allow users installing them from that place, this is not possible for privileged apps, as they require a signature. This signature was previously added during the Marketplace review process, but now there is no way to obtain such a signature (at least I don't see any).

As the signature for Firefox OS apps is very similar to the one for Firefox browser add-ons (as far as I can see it's just a different certificate), it should be possible to provide a signing service for Firefox OS apps that doesn't require a review by a human; without much additional maintenance cost or severe security implications.

As a developer of Firefox OS apps I still want to write, publish and update apps, even though Firefox OS is no longer developed. This included privileged apps, so I would really appreciate a solution where I can get my apps singed.
You need to log in before you can comment on or make changes to this bug.