Closed Bug 1877517 Opened 2 years ago Closed 2 years ago

extend ADDON_SIGNATURE_VERIFICATION_STATUS to include if sha1 was used

Tracking

()

Status:

RESOLVED WONTFIX

People

(Reporter: keeler, Assigned: keeler)

Details

(Whiteboard: [psm-assigned])

Dana Keeler (she/her) [:keeler]

Assignee

Description

•

2 years ago

For bug 1871108, it would be helpful to know how often sha1 is currently relied upon to verify addons. The histogram ADDON_SIGNATURE_VERIFICATION_STATUS seems like a natural place to put this, and I would argue that the original review of that probe (in bug 1771523) covers this additional information.

Dana Keeler (she/her) [:keeler]

Assignee

Comment 1

•

2 years ago

Turns out, this is a bit moot, because all of the pkcs7 signatures use sha1.

Status: NEW → RESOLVED

Closed: 2 years ago

Resolution: --- → WONTFIX

You need to log in before you can comment on or make changes to this bug.

Bugzilla

extend ADDON_SIGNATURE_VERIFICATION_STATUS to include if sha1 was used

Categories

(Core :: Security: PSM, task, P1)

Tracking

()

People

(Reporter: keeler, Assigned: keeler)

References

Details

(Whiteboard: [psm-assigned])

Crash Data

Security

(public)

User Story

Description

Comment 1