Closed Bug 1340299 Opened 7 years ago Closed 7 years ago

Set-up signing point for internal add-ons

Categories

(Cloud Services :: Security, defect)

Product:
Cloud Services
Component:
Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Performance Impact:none)

Status:
RESOLVED FIXED
Project Flags:
Performance Impact none

People

(Reporter: andy+bugzilla, Assigned: jvehent)

References

Details

This the service for signing the third kind of add-ons. Not the system add-on and not AMO, but those inbetween. It was decided that the certificate would be the same as with system add-ons, but it would have a different OU=.

This would enable Firefox to distinguish them in the addons manager which is required by bug 1336576 and we'll need to re-sign a bunch of the internal add-ons as noted in bug 1340295.
Do you have a deadline for this effort? It ties into Autograph 2.0 which is actively being implemented: https://github.com/mozilla-services/autograph/pull/46
Assignee: nobody → jvehent
Firefox 57 goes to Nightly in June. We'd like to resign all the internal add-ons in bug 1340295 and test out the code for 57 before then. Perhaps a stop gap solution to get us moving on that would be needed so we can do end-to-end testing.
Whiteboard: [qf]
Whiteboard: [qf] → [qf-]
Given that bug 1371825 and bug 1371824 are now working, I would call this done.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Performance Impact: --- → -
Whiteboard: [qf-]
You need to log in before you can comment on or make changes to this bug.