The current build process uses files from stage-old (aka surf.mozilla.org) in order to generate mar and txt files used by AUS. The proposed change would be to create a file store within the build network to store hash files from each build generated from the buildbot slaves. These file would then be used to verify anything coming off surf.mozilla.org to be used to generate the txt and mar files. A check should be inserted to verify we are downloading the correct file.
I can take a look at this
Assignee: nobody → jhford
Priority: -- → P3
mcoates: since this bug was filed, we have started doing signing of updates, (needed for silent update). Given that, is there still any need to do this hash repo work? aiui, this hash repo was just a quick-and-dirty way to verify the updates were not modified before we used them internally. However, since then we've figured out how to do mar signing, which works for us internally, and also for end users. I'd like to close this bug as WONTFIX unless I am missing something?
Status: NEW → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WONTFIX
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.