[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #26127 [Applications/Tor Browser]: Make sure Torbutton and Tor Launcher are not treated as legacy extensions



#26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Very High                 |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  ff60-esr                  |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------
Changes (by gk):

 * keywords:   => ff60-esr


Comment:

 Replying to [comment:1 tom]:
 > I was nervous about this, so I checked with aswan.
 >
 > This pref just changes the UI, so that's okay.
 >
 > TB will (probably) want to build with MOZ_REQUIRE_SIGNING enabled;
 otherwise users can install legacy extensions at will.

 Yes.

 > When we bake a new certificate into the browser to sign our own legacy
 extensions, we'll need to set the OU to match what's in
 https://searchfox.org/mozilla-
 central/source/toolkit/mozapps/extensions/internal/XPIInstall.jsm#941 to
 make sure it gets the correct treatment.

 Good point. I think the signing bits are for #22971, though (even though
 it seems we need to slightly repurpose that bug).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26127#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs