FS#45900 - [firefox] Disable extension signature verification
Attached to Project:
Arch Linux
Opened by Sven Karsten Greiner (SammysHP) - Wednesday, 05 August 2015, 10:01 GMT
Last edited by Evangelos Foutras (foutrelis) - Wednesday, 05 August 2015, 14:01 GMT
Opened by Sven Karsten Greiner (SammysHP) - Wednesday, 05 August 2015, 10:01 GMT
Last edited by Evangelos Foutras (foutrelis) - Wednesday, 05 August 2015, 14:01 GMT
|
Details
With the next release of Firefox the signature of extensions
will be checked.
- Firefox 40: Firefox warns about signatures but doesn't enforce them. - Firefox 41: Firefox will have a preference that allows signature enforcement to be disabled (xpinstall.signatures.required in about:config). - Firefox 42: Release and Beta versions of Firefox will not allow unsigned extensions to be installed, with no override. (https://wiki.mozilla.org/Addons/Extension_Signing) Arch builds Firefox with --enable-official-branding which enables the verification. I suggest to disable the verification because Arch users usually don't want to be limited in their freedom. As far as I can see the verification is enabled with MOZ_ADDON_SIGNING in the default configuration. |
This task depends upon
Closed by Evangelos Foutras (foutrelis)
Wednesday, 05 August 2015, 14:01 GMT
Reason for closing: Won't implement
Additional comments about closing: This has security benefits and as such will remain enabled.
Wednesday, 05 August 2015, 14:01 GMT
Reason for closing: Won't implement
Additional comments about closing: This has security benefits and as such will remain enabled.
Comment by Allan McRae (Allan) -
Wednesday, 05 August 2015, 10:12 GMT
Arch will package how upstream intends.