Obtain win32 and osx code-signing certificates for SeaMonkey binary and update signing



11 months ago
11 months ago


(Reporter: ewong, Unassigned, NeedInfo)


(Blocks: 2 bugs)

Firefox Tracking Flags

(Not tracked)




11 months ago
I am assuming that whatever certificates given to Callek from bug 736154 
probably has expired some time ago, so cloning initial bug to get
another set done/renewed.  

Gerv, would Mozilla be willing to renew the certificates on behalf
of SeaMonkey? 

+++ This bug was initially created as a clone of Bug #736154 +++

SeaMonkey would like to sign their Windows installers and updates, to enable them to support Silent Update. After discussion between Callek, John O'Duinn, Harvey, Mitchell and myself about the best way to do this, the conclusion is as follows:

1) Mozilla should obtain a suitable code signing certificate for SeaMonkey to use
2) SeaMonkey will then be given this certificate to manage the signing on their own infra
3) The certificate should not 'look like' the one RelEng uses to sign Firefox

This bug is to get server ops to obtain such a certificate.

The only question which remains is to work out exactly what should be in each field of the certificate, particularly the O field (which, I believe, is the one displayed in the relevant UI). This needs to be acceptable to the CA from a legal perspective, but also meet criteria 3.

My initial proposal for us to present to the CA for the O field is "Mozilla Foundation, SeaMonkey Project". If they refuse that, it would be good to get some guidance on the parameters they are having to work within.


Comment 1

11 months ago
Since joduinn, and mrz don't work at Moco anymore, and gerv isn't accepting NIs, I guess I'll
need to find someone else.  As Catlee is the QA for this bug, N-I him.
Flags: needinfo?(catlee)


11 months ago
Blocks: 1438083
You need to log in before you can comment on or make changes to this bug.