[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9769 [EFF-HTTPS Everywhere]: Move HTTPS Everywhere back to addons.mozilla.org

Subject: Re: [tor-bugs] #9769 [EFF-HTTPS Everywhere]: Move HTTPS Everywhere back to addons.mozilla.org
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Thu, 14 Aug 2014 22:05:49 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 14 Aug 2014 18:05:56 -0400
In-reply-to: <048.6ea22bfe2b5a5c6d74c9a0df67e2cdd1@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <048.6ea22bfe2b5a5c6d74c9a0df67e2cdd1@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9769: Move HTTPS Everywhere back to addons.mozilla.org
--------------------------------------+----------------------
     Reporter:  micahlee              |      Owner:  micahlee
         Type:  project               |     Status:  new
     Priority:  normal                |  Milestone:
    Component:  EFF-HTTPS Everywhere  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+----------------------

Comment (by jsha):

 zyan's bugzilla bug to allow offline signatures for AMO extensions was
 rejected.

 Public key pinning has landed in Firefox:
 https://bugzilla.mozilla.org/show_bug.cgi?id=744204 and
 https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#How_to_use_pinning.
 However, that's for HTTPS requests, but the documentation to use CA-
 signing for XPIs appears to be about code signing. I'm willing to bet that
 the PKP implementation does not extend to code signing.

 Also, kmag on the bugzilla thread
 (https://bugzilla.mozilla.org/show_bug.cgi?id=999014) has a very good
 point. If there's a universal hotfix addon that is not offline-signed and
 can deliver updates to any addon, there's no additional security for
 Firefox users in our current method. TBB users, of course, don't get their
 HTTPS Everywhere from AMO, and so are not affected.

 I think we should proceed with adding HTTPS Everywhere to AMO. zyan, any
 objections?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9769#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #12684 [Firefox Patch Issues]: Make "Not Now" the default button for TorBrowser's canvas permission dialogue
Next by Author: Re: [tor-bugs] #12684 [Firefox Patch Issues]: Make "Not Now" the default button for TorBrowser's canvas permission dialogue
Previous by thread: Re: [tor-bugs] #6975 [EFF-HTTPS Everywhere]: Tag for Chrome & FF23+ all the rulesets where mixed content breaks things (!)
Next by thread: Re: [tor-bugs] #9769 [EFF-HTTPS Everywhere]: Move HTTPS Everywhere back to addons.mozilla.org
Index(es):
- Author
- Thread