[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #9769 [EFF-HTTPS Everywhere]: Move HTTPS Everywhere back to addons.mozilla.org



#9769: Move HTTPS Everywhere back to addons.mozilla.org
--------------------------------------+----------------------
     Reporter:  micahlee              |      Owner:  micahlee
         Type:  project               |     Status:  new
     Priority:  normal                |  Milestone:
    Component:  EFF-HTTPS Everywhere  |    Version:
   Resolution:                        |   Keywords:
Actual Points:                        |  Parent ID:
       Points:                        |
--------------------------------------+----------------------

Comment (by zyan):

 It appears that AMO does *no* code signing for addons, so they're just
 protected by HTTPS after the approval process. Kind of scary in light of
 Heartbleed!

 I have decided that the best-case scenario is for AMO to let us sign
 updates with our own key, which Chrome Web Store does. Please star and
 discuss here: https://bugzilla.mozilla.org/show_bug.cgi?id=999014

 If that fails, we can wrangle the release scripts to use a new CA-signed
 cert as soon as PKP lands in Firefox.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9769#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs