Signtool distribution itself should be signed

NEW
Assigned to

Status

NSS
Tools
P2
enhancement
17 years ago
12 years ago

People

(Reporter: Arshad Noor, Assigned: Robert Relyea)

Tracking

unspecified
Sun
Solaris

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

17 years ago
Given that signtool is used to sign and verify software objects, customers
should be able to trust that they have a version of signtool that they can
trust - otherwise object signing doesn't make sense. 

I would like to propose that iPlanet/Mozilla.org, digitally sign the binary
and source distributions of signtool and make them available on your web
sites. 

Additionally, allow customers to be able to buy an official CD-ROM from 
iPlanet/Mozilla.org with signed versions of the signtool binary and source.
This way customes won't have to trust the websites, if they prefer to trust
official CD-ROMs from the company.

Comment 1

17 years ago
Marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true

Comment 2

17 years ago
marking signtool bugs as future until 3.3 plan is ready.
Assignee: wtc → mcgreer
Target Milestone: --- → Future

Comment 3

17 years ago
Set Target Milestone to NSS 3.3.  Assigned the RFE to
Bob for evaluation.
Assignee: mcgreer → relyea
Priority: -- → P2
Target Milestone: Future → 3.3

Updated

16 years ago
Target Milestone: 3.3 → 3.4
(Assignee)

Comment 4

16 years ago
Signing out distribution in general would be a good idea, just not for 3.4.

bob
Target Milestone: 3.4 → 4.0

Comment 5

16 years ago
Changed the QA contact to Bishakha.
QA Contact: sonja.mirtitsch → bishakhabanerjee
QA Contact: bishakhabanerjee → jason.m.reid
QA Contact: jason.m.reid → tools
You need to log in before you can comment on or make changes to this bug.