Closed Bug 537324 Opened 16 years ago Closed 4 years ago

SeaMonkey release signing infrastructure

Categories

(mozilla.org :: Community Giving, task)

Product:
mozilla.org
Component:
Community Giving
Platform:
x86
Linux
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1438083

People

(Reporter: kairo, Assigned: sethb)

References

Details

Bug 412031 has discussed code signing for community projects, ending in SeaMonkey needing its own infrastructure and cert to do that. Now, we need to find out what infrastructure we need and how to get it. joduinn and gozer have some experience with with that - can you tell me what infrastructure SeaMonkey should get for this? For actually getting the infrastructure, we need to involve Seth and Community Giving.
Assignee: server-ops → mrz
Assignee: mrz → sethb
Component: Server Operations → Community Giving
QA Contact: mrz → community-giving
Blocks: 572395
(In reply to comment #0) > Bug 412031 has discussed code signing for community projects, ending in > SeaMonkey needing its own infrastructure and cert to do that. > > Now, we need to find out what infrastructure we need and how to get it. > > joduinn and gozer have some experience with with that - can you tell me what > infrastructure SeaMonkey should get for this? > ping
Hi. I arrived here via bug #775762. Being able to ensure code authenticity to within acceptable levels of uncertainty is important. More so, for programs like browsers which transport private and/or sensitive information such as online banking, etc. Thank you for your renewed attention to this.
This seems to be the place where all duplicate bugs come to die and be buried. No substantive activity since late 2009! Is there anyone on the dev side following this thread any longer? If so, maybe you can post a "hello" comment every year or two just to keep the bug report dynamic and overflowing with vigor.
Rest assured this is high on our priority list, we just need to figure out the *legalese* regarding the signing certs themselves first. We are actively working on this.
Blocks: 689876
Blocks: 866049
I have a question which may be slightly off topic: Mac builds of both Firefox and Thunderbird are now signed using an Apple account, so that they'll work properly on OS X 10.8 and up -- see bug 752613 and bug 756830. But aside from bug 866049 (which has mistakenly been duped to this bug), I can't find about signing Mac builds of Seamonkey. Should I open one? Is it fair to say that we won't sign Mac Seamonkey builds before this bug is resolved?
Flags: needinfo?(bugspam.Callek)
(In reply to Steven Michaud from comment #8) > I have a question which may be slightly off topic: > > Mac builds of both Firefox and Thunderbird are now signed using an Apple > account, so that they'll work properly on OS X 10.8 and up -- see bug 752613 > and bug 756830. Well, the SeaMonkey builds still work on 10.8 and up, they just are more difficult to install by default. To be clear :-) > Should I open one? I wouldn't yet (since I think there is a bug on it already, but if not I can always file one, I know its needed!) > Is it fair to say that we won't sign Mac Seamonkey builds before this bug is > resolved? The two types of signing are disjoint, so not strictly reliant on each other. However the human to do the work (me) can't do both at the same time, and since we have a larger userbase on windows this bug is likely to happen first.
Flags: needinfo?(bugspam.Callek)
Blocks: 933020
Blocks: 830032
Anything new here?
(In reply to Rainer Bielefeld from comment #10) > Anything new here? I don't think so. When I asked 3 years ago, (:Callek) mentioned it was a high priority but they needed to deal with legal issues. Justin, do you mind providing details on what the issues are? Three years is a very long time... Thanks.
20180205 Monday Using SeaMonkey 2.49.1 on Mac OS 10.11.6 El Capitan. Still no code signature for SeaMonkey. $ codesign -dv --verbose=4 /Applications/SeaMonkey.app [RESULT:] /Applications/SeaMonkey.app: code object is not signed at all
(In reply to Mike from comment #12) > 20180205 Monday > > Using SeaMonkey 2.49.1 on Mac OS 10.11.6 El Capitan. > > Still no code signature for SeaMonkey. > > $ codesign -dv --verbose=4 /Applications/SeaMonkey.app > [RESULT:] > /Applications/SeaMonkey.app: code object is not signed at all The reason is we haven't signed our releases yet. As it's pending resolution of this bug.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.