Closed
Bug 684434
Opened 13 years ago
Closed 13 years ago
Some GPG detached signatures (asc) missing for Firefox 6.0.1, 7.0b3, & 6.0.2 build2
Categories
(Release Engineering :: General, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: nanotube, Assigned: nthomas)
References
Details
User Agent: Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/6.0 Build ID: 20110811165603 Steps to reproduce: Tried to verify the integrity and authenticity of firefox 6.0.1 release tarball. Actual results: Releases prior to 6.0.1 came with a detached gpg signature file, so that the tarball could be verified for integrity and authenticity. (example: http://releases.mozilla.org/pub/mozilla.org/firefox/releases/6.0/linux-i686/en-US/ and note the .asc file). 6.0.1 however has no .asc file for it (examine the content of http://releases.mozilla.org/pub/mozilla.org/firefox/releases/6.0/linux-i686/en-US/ ). it is not even included in the upper-level SHA1SUMS file. So, I failed to find a method to verify the integrity or authenticity of the release archive. Expected results: I should have found the .asc file as usual, right next to the .bz2, and been able to verify the signature. Please push out the signatures for the released files asap!
I tried asking about this on irc.mozilla.org/#firefox IRC, but was directed to file a report on bugzilla. Hope this is an appropriate section to file this in.
Comment 2•13 years ago
|
||
Moving to installer as it's the closest component I could think of
Component: General → Installer
QA Contact: general → installer
Updated•13 years ago
|
Component: Installer → Release Engineering
Product: Firefox → mozilla.org
QA Contact: installer → release
Version: 6 Branch → other
Assignee | ||
Comment 4•13 years ago
|
||
Confirmed on the master copy of the 6.0.1 files. We have asc files on the win32 installers and the two SUMS files, but not for Mac or either Linux. RelEng, I bet this is a result of the signing issues, where signed-build1/ was moved away and we forgot to rsync linux + mac over from unsigned-build1/ (the last line of the download target at http://hg.mozilla.org/build/tools/file/tip/release/signing/Makefile#l180) Fx 3.6.21 and 3.6.22 build2 are OK, but 6.0.2 build2 has the same problem.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Summary: Missing methods to verify release integrity and authenticity → Some GPG detached signatures (asc) missing for Firefox 6.0.1 & 6.0.2 build2
Assignee | ||
Updated•13 years ago
|
Summary: Some GPG detached signatures (asc) missing for Firefox 6.0.1 & 6.0.2 build2 → Some GPG detached signatures (asc) missing for Firefox 6.0.1, 7.0b3, & 6.0.2 build2
Comment 6•13 years ago
|
||
I think I've fixed 6.0.2 build 2.
Assignee | ||
Comment 7•13 years ago
|
||
Looks good to me. I'll get the other two releases tomorrow, if no-one beats me to it.
Assignee | ||
Updated•13 years ago
|
Assignee: nobody → nrthomas
Priority: -- → P3
Assignee | ||
Comment 9•13 years ago
|
||
7.0b3 has been fixed, even though we didn't actually release that. Bug 634270 tracks the underlying issue.
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 10•13 years ago
|
||
Problem reappears in 7.0.1. (This probably isn't too surprising as according to Comment 9 the underlying problem isn't solved yet. I thought, it might make some sense to report nevertheless. Hope, this was all right.)
Comment 11•13 years ago
|
||
(In reply to Peter Mattern from comment #10) > Problem reappears in 7.0.1. > (This probably isn't too surprising as according to Comment 9 the underlying > problem isn't solved yet. I thought, it might make some sense to report > nevertheless. Hope, this was all right.) Fixing up 7.0.1 is tracked in https://bugzilla.mozilla.org/show_bug.cgi?id=690730
Updated•11 years ago
|
Product: mozilla.org → Release Engineering
You need to log in
before you can comment on or make changes to this bug.
Description
•