Consider how hash verification should work for language models and wasm binaries
Categories
(Firefox :: Translations, enhancement, P2)
Tracking
()
Tracking | Status | |
---|---|---|
firefox113 | --- | fixed |
People
(Reporter: gregtatum, Assigned: gregtatum)
References
Details
Attachments
(1 file)
Remote Settings can verify the hash of the content on the disk. There is a runtime cost to this and it also involves a network request. We should consider the strategy here on checking this information. The wasm and language models are stored in the user directory which is open to tampering. Hash verification will ensure that the contents of the cache are valid.
Assignee | ||
Updated•1 year ago
|
Assignee | ||
Comment 1•1 year ago
|
||
Erik and I discussed this, and we are doing the safe and correct thing, which we feel comfortable with shipping, so this doesn't block the MVP. We can re-visit when and if we get evidence that this slows down the process.
Assignee | ||
Comment 2•1 year ago
|
||
I don't think this is worth keeping open, as Erik and I discussed this. We can always re-open if the evidence shows that this is slow.
Assignee | ||
Comment 3•1 year ago
|
||
Actually, I'll attach a patch to this to remove the TODOs.
Assignee | ||
Updated•1 year ago
|
Assignee | ||
Comment 4•1 year ago
|
||
Depends on D173194
Pushed by gtatum@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/793ba36c54b5 Always verify signatures for translation assets; r=nordzilla
Comment 6•1 year ago
|
||
Backed out for causing failures at browser_full_page.js.
Backout link: https://hg.mozilla.org/integration/autoland/rev/824c14ab68396152de37a562f09df8ce71f924bf
Push where failures started: https://treeherder.mozilla.org/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception%2Cretry%2Cusercancel&revision=457474e589d4544345a1f55d4343a4b70ded1d1e&selectedTaskRun=Hrqjdo8ESFSvywMOFoyoyw.0
Failure log: https://treeherder.mozilla.org/logviewer?job_id=410034037&repo=autoland&lineNumber=11999
Pushed by gtatum@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/1264ea613b5e Always verify signatures for translation assets; r=nordzilla
Comment 8•1 year ago
|
||
bugherder |
Description
•