Bug 730792 (closed): opened 12 years ago, closed 12 years ago

Enable new security checks for updates without the service

Product/Component: Toolkit :: Application Update
Type: defect
Platform: x86_64, Windows 7
Priority: Not set
Severity: normal
Status: RESOLVED FIXED
Target milestone: mozilla13
Reporter: bbondy, Assigned: bbondy
Attachments: 1 file

Attached patch: Patch v1.
This patch makes it so:
1) the product information block check, and
2) the signature check
will happen whether or not the service is used.

It also stops using the error codes related to that as service-only error codes. 

It also fixes a nit that was missed from bug 725180.
Attachment #600881 - Flags: review?(robert.bugzilla)
Depends on: 730821
Attachment #600881 - Flags: review?(robert.bugzilla) → review+
This is ready to land and passes elm and try tests, but since x64 native builds aren't being signed we should wait to land this for a few days (See Bug 730821 for details).
Comment on attachment 600881
Patch v1.

Wondering what your thoughts are about only landing this on v13 and not requesting aurora?
Attachment #600881 - Flags: feedback?(imelven)
Attachment #600881 - Flags: feedback?(bsmith)
This wasn't landed on m-c yet because we need to wait a few days for Bug 730821 to minimize anyone on x64 that might not update right away.  I.e. they need the fix from bug 730821 because they are currently (well before bug 730821 landed) falling back because x64 builds aren't being signed but are being checked for signatures.
Comment on attachment 600881
Patch v1.

If there's enough confidence in the feature to consider landing turning on the extra security checks in Aurora, I definitely think we should do that. Personally my view is that I would like to see the security checks enabled for both the service and non-service cases as soon as we feel able to do so.
Attachment #600881 - Flags: feedback?(imelven) → feedback+
Adding dveditz and rforbes who are now handling silent updates from the Security Assurance team in case they have feedback as well (see comment 2)
Attachment #600881 - Flags: feedback?(bsmith)
I'm thinking I should wait to land this on m-c until Bug 731901 (and its dependent bug 711054) land.  Since the telemetry is reporting wrong, we currently have no visibility into if we are getting the new error codes or not.  

I have no reports from people but it would be hard to know that you got an update unless you actually went to the about dialog to verify after you knew you had an update.  Most people probably wouldn't notice.
https://hg.mozilla.org/mozilla-central/rev/116765365c0e
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Dan Veditz wrote:
> If Telemetry starts working and we can get some data we'd still
> prefer turning this on for Firefox 12. We'd like to document the new
> update mechanisms and the incompleteness will be noticeable. But we
> know it's in Firefox 13 for sure so we can live without it in 12 if
> we have to.

Given that we ran into bug 735713, unless there are strong objections this will not be uplifted manually and will land on Release with v13.