[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #9769 [EFF-HTTPS Everywhere]: Move HTTPS Everywhere back to addons.mozilla.org
#9769: Move HTTPS Everywhere back to addons.mozilla.org
--------------------------------------+----------------------
Reporter: micahlee | Owner: micahlee
Type: project | Status: new
Priority: normal | Milestone:
Component: EFF-HTTPS Everywhere | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
--------------------------------------+----------------------
Comment (by zyan):
It appears that AMO does *no* code signing for addons, so they're just
protected by HTTPS after the approval process. Kind of scary in light of
Heartbleed!
I have decided that the best-case scenario is for AMO to let us sign
updates with our own key, which Chrome Web Store does. Please star and
discuss here: https://bugzilla.mozilla.org/show_bug.cgi?id=999014
If that fails, we can wrangle the release scripts to use a new CA-signed
cert as soon as PKP lands in Firefox.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9769#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs