I think FireFox plugin XPI need to be signed, this is the usage.
Regards, Richard > On Sep 24, 2015, at 20:53, Gervase Markham <[email protected]> wrote: > >> On 24/09/15 02:58, Peter Kurrasch wrote: >> I suppose my comment was not as clear as I intended but, yes, I think >> Mozilla's commitment to openness is a reason to keep the code sign bit >> and continue to review CA inclusion requests for their code signing >> roots. I'm not aware of another organization who is in a similar >> position as Mozilla with a similar commitment to openness who could >> carry this work forward if the decision is made to remove the code >> signing trust bit. > > But that argument carries very little weight if no-one actually pays > attention to our code-signing trust bit. Does anyone? > > If it's not useful to anyone, why keep it? > > Gerv > > > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
