Last Comment Bug 593571 - Support signed updates in Thunderbird
: Support signed updates in Thunderbird
Product: Thunderbird
Classification: Client Software
Component: Preferences (show other bugs)
: Trunk
: All All
-- normal (vote)
: Thunderbird 17.0
Assigned To: Mark Banner (:standard8)
Depends on: 544442 583408 745536
  Show dependency treegraph
Reported: 2010-09-04 04:22 PDT by Mark Banner (:standard8)
Modified: 2012-10-11 04:49 PDT (History)
5 users (show)
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---

The fix (3.17 KB, patch)
2012-08-03 11:56 PDT, Mark Banner (:standard8)
irving: review+
standard8: approval‑comm‑aurora+
standard8: approval‑comm‑beta+
standard8: approval‑comm‑esr10+
Details | Diff | Splinter Review

Description User image Mark Banner (:standard8) 2010-09-04 04:22:56 PDT
Bug 583408 added a few default prefs, see that bug and bug 593135 for some of the things we need to pull across.
Comment 1 User image Robert Strong [:rstrong] (use needinfo to contact me) 2010-09-04 04:28:03 PDT
Hi Mark, I moved this over to preferences since that is all that needs to be added to implement this and it has nothing to do with the installer code.
Comment 2 User image Mark Banner (:standard8) 2012-08-03 11:56:53 PDT
Created attachment 648795 [details] [diff] [review]
The fix

This ports the necessary work of the dependent bugs to Thunderbird. Now we're on aus3, this is much easier, as it is just a matter of matching Firefox's prefs.

I've been running with these set manually for a month or so now (and Ludovic also ran for a bit) and its been fine, so I think we should just get on and do this and make our updates even more secure.

In the patch I also moved a couple of prefs just to match closer the diffs to the ones in the firefox.js file.

I'll be looking to get this into the beta on Tuesday, so that we've a couple of cycles to test it.
Comment 3 User image :Irving Reid (No longer working on Firefox) 2012-08-03 13:50:40 PDT
Comment on attachment 648795 [details] [diff] [review]
The fix

Review of attachment 648795 [details] [diff] [review]:

The preferences look fine, and my trunk Thunderbird loads without complaint with this patch applied, but there's not much more I can say about it without testing against an update server (beyond just clicking "check for updates" and having it reply "none found", which I did try).

Do you know if the Firefox team has a test harness for this including servers with bad certificates, incorrectly signed updates, etc?
Comment 4 User image Robert Strong [:rstrong] (use needinfo to contact me) 2012-08-03 14:31:50 PDT
These changes are only for the cert attribute check when checking for an update and there are toolkit tests under

Comment 5 User image Mark Banner (:standard8) 2012-08-08 11:46:35 PDT
Checked in:
Comment 6 User image Mark Banner (:standard8) 2012-08-08 11:47:53 PDT
Comment on attachment 648795 [details] [diff] [review]
The fix

[Triage Comment]
I want to deploy this everywhere as an additional security layer for updates.
Comment 8 User image gabriel 2012-10-11 04:49:54 PDT
Unfortunately, this patch broke updates through our locally hosted Thunderbird ESR update server. See bug 800307.

Note You need to log in before you can comment on or make changes to this bug.