Closed
Bug 1245842
Opened 9 years ago
Closed 6 years ago
Use sha1+sha2 dual signatures for Firefox binaries
Categories
(Release Engineering :: General, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: emk, Unassigned)
References
Details
I confirmed that the sha1 signature signed after Jan. 1 2016 still works if KB3033929 is not installed.
A sample binary is available here:
http://crystalmark.info/redirect.php?product=CrystalDiskMarkInstaller-ja
This binary has three signatures in the following order:
1. sha1 digest + sha1 certificate + sha1 timestamp
2. sha2 digest + sha2 certificate + sha1 timestamp
3. sha1 digest + sha2 certificate + sha1 timestamp
I tested this with the following environments:
* Windows XP SP2
* Windows XP SP3
* Windows Vista
* Windows 7 RTM
* Windows 7 SP1 with the latest patches
* Windows 7 SP1 with the latest patches minus KB3033929
We've employed sha2 single signature due to fear of the breakage on some Win7 machines. I believe we have no reason to avoid dual signatures anymore.
|
||
Updated•9 years ago
|
Component: Releases → General Automation
QA Contact: rail → catlee
|
||
Updated•9 years ago
|
|
||
Updated•7 years ago
|
Priority: -- → P3
|
||
Comment 2•7 years ago
|
||
I don't think this is useful now that we've deprecated support for XP pre-SP2 and Vista?
|
Assignee | |
Updated•6 years ago
|
Component: General Automation → General
|
|
||
Comment 3•6 years ago
|
||
(In reply to bhearsum@mozilla.com (back in 2019Q1) from comment #2)
> I don't think this is useful now that we've deprecated support for XP
> pre-SP2 and Vista?
Let's go with this.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•