Open Bug 1341397 Opened 8 years ago Updated 2 years ago

Distribute binary transparency information with releases

Tracking

()

Status:

NEW

People

(Reporter: rbarnes, Unassigned)

References

(Blocks 1 open bug)

Details

Richard Barnes [:rbarnes]

Reporter

Description

•

8 years ago

For each release, need to provide: * Certificate including a Merkle tree head for the release * Proof that the certificate has been publicly logged (Inclusion proof / SCT) For each file in the release, need to provide: * Inclusion proof to the Merkle tree head

Richard Barnes [:rbarnes]

Reporter

Updated

•

8 years ago

Blocks: BinaryTransparency

Daniel Veditz [:dveditz]

Updated

•

7 years ago

Priority: -- → P3

Nick Thomas [:nthomas] (UTC+12)

Comment 1

•

7 years ago

Is the intention that these things need to be in the releases directory, like https://archive.mozilla.org/pub/firefox/releases/59.0.1/ ? The inclusion proofs are present in SHA256SUMMARY.

Tom Ritter [:tjr]

Comment 2

•

7 years ago

I think it would be great if we could include the x509 cert (the full chain, just one file). That would be really convenient. But the rest, no we don't need to put those in the release directory. I think the intent for this bug was to document what we needed to include in the update.xml file.

BMO Automation

Updated

•

2 years ago

Severity: normal → S3

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Distribute binary transparency information with releases

Categories

(Firefox :: Security, defect, P3)

Tracking

()

People

(Reporter: rbarnes, Unassigned)

References

(Blocks 1 open bug)

Details

Crash Data

Security

(public)

User Story

Description

Updated

Updated

Comment 1

Comment 2

Updated