Closed
Bug 1167652
Opened 10 years ago
Closed 9 years ago
Turn on extension signing requirements by default
Categories
(Toolkit :: Add-ons Manager, defect, P1)
Toolkit
Add-ons Manager
Tracking
()
VERIFIED
FIXED
mozilla42
People
(Reporter: mossop, Assigned: mossop)
References
Details
(Whiteboard: [hijacking][fxsearch])
Attachments
(1 file, 1 obsolete file)
(deleted),
patch
|
mossop
:
review+
ritu
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
The plan is to turn this on around June 15th for Firefox 40 and later versions, that means an uplift to aurora at least.
Assignee | ||
Comment 1•10 years ago
|
||
Not planning on landing yet but might as well have the patch ready to go whenever we want.
Comment 2•10 years ago
|
||
Looks good for Firefox, but I thought we were not going to require signing on mobile at this point. Larissa, what's the plan for Fennec?
Flags: needinfo?(lshapiro)
Assignee | ||
Comment 3•10 years ago
|
||
The plan changed recently and we're getting it for android too, see bug 1168570 and dependencies
Comment 4•10 years ago
|
||
yes, we're doing this for android as discussed.
Comment 5•10 years ago
|
||
Comment on attachment 8613559 [details] [diff] [review]
patch
r=dveditz
Attachment #8613559 -
Flags: review?(dveditz) → review+
Assignee | ||
Updated•10 years ago
|
Flags: qe-verify+
Flags: needinfo?(lshapiro)
Flags: firefox-backlog+
Whiteboard: [hijacking][fxsearch]
Updated•10 years ago
|
Rank: 9
Priority: -- → P1
Assignee | ||
Comment 6•9 years ago
|
||
We're no longer tracking this for Firefox 40.
Assignee | ||
Comment 8•9 years ago
|
||
I only landed the pref change for Firefox not mobile since AMO hasn't yet enabled signing for mobile only add-ons.
Attachment #8613559 -
Attachment is obsolete: true
Attachment #8641751 -
Flags: review+
Assignee | ||
Comment 9•9 years ago
|
||
Comment on attachment 8641751 [details] [diff] [review]
patch
Per the signed add-ons meeting we want to enable this on aurora and hopefully have the ride to beta at the next merge.
Approval Request Comment
[Feature/regressing bug #]: Signed add-ons
[User impact if declined]: Users will be able to use unsigned add-ons by default
[Describe test coverage new/current, TreeHerder]: Automated tests for signed add-ons have been in nightly for a couple of months
[Risks and why]: This will disable add-ons not hosted on AMO that have yet to be signed
[String/UUID change made/needed]: None
Attachment #8641751 -
Flags: approval-mozilla-aurora?
Comment 10•9 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
status-firefox42:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla42
Comment on attachment 8641751 [details] [diff] [review]
patch
Let's turn on Add-ons signing to required by default in Aurora. End-users can pref-off if they'd like.
Attachment #8641751 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Tracked for FF41.
tracking-firefox41:
--- → +
Dave, do you think this is something we need to add to FF41 release notes? If yes, please nominate by setting relnote-firefox -> "?" and filling out suggested wording, etc. Thanks!
Flags: needinfo?(dtownsend)
Comment 14•9 years ago
|
||
Assignee | ||
Comment 15•9 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #14)
> https://hg.mozilla.org/releases/mozilla-aurora/rev/2ea47c7ed4e3
I think yes but I'm going to defer to Kev on wording.
Release Note Request (optional, but appreciated)
[Why is this notable]: Some user's add-ons will be disabled by default
[Suggested wording]: Add-ons that haven't been verified by Mozilla will be disabled by default.
[Links (documentation, blog post, etc)]: https://support.mozilla.org/en-US/kb/add-ons-signing-firefox?as=u&utm_source=inproduct
relnote-firefox:
--- → ?
Flags: needinfo?(dtownsend) → needinfo?(kev)
Comment 16•9 years ago
|
||
Like Dave's wording, would also add link to how to pref it off.
Release Note Request (optional, but appreciated)
[Why is this notable]: Some user's add-ons will be disabled by default
[Suggested wording]: Type 2 Add-ons (Extensions) that have not been verified by Mozilla will be disabled by default. Users can re-enable unverified addons by setting xpinstall.signatures.required to "false". Future versions of Firefox will remove this preference.
[Links (documentation, blog post, etc)]: https://support.mozilla.org/en-US/kb/add-ons-signing-firefox?as=u&utm_source=inproduct
Flags: needinfo?(kev)
Comment 17•9 years ago
|
||
The "Target Milestone" says 42 while the tracking flags says 41. Which one if the correct one? Thanks
Flags: needinfo?(dtownsend)
Assignee | ||
Comment 18•9 years ago
|
||
(In reply to Sylvestre Ledru [:sylvestre] from comment #17)
> The "Target Milestone" says 42 while the tracking flags says 41. Which one
> if the correct one? Thanks
It landed in Nightly 42 and was uplifted to 41, so the target milestone is correct unless we've changed what that means
Flags: needinfo?(dtownsend)
Added relnote to FF41 in nucleus. I've trimmed the suggested wording as release notes are typically one-liners with links for further reading.
Comment 20•9 years ago
|
||
Pref xpinstall.signatures.required is set to true by default in Firefox 42.0a2 (2015-08-20) and Firefox 41 beta 3 (20150820142145). Verified fixed under Ubuntu 14.04 32-bit, Windows 7 64-bit and Mac OS X 10.10.4.
You need to log in
before you can comment on or make changes to this bug.
Description
•