On Tue, May 28, 2019 at 7:12 PM Brian Drake <[email protected]> wrote:
> I followed the link given, but it did not give any information about > this signing change, let alone why it is so important that it might be > forced onto ESR 68 users (see below). Is this documented anywhere? > We do not have public documentation about this change. > While we expect to support the old signature format on Firefox ESR 68 > > through its end of life, we do not guarantee it. > > If this change is also applied to ESR 68, it would be a change that > reduces compatibility. I was under the impression that changes that > reduced compatibility would only be made in response to critical > security issues, since the whole point of ESR is to have a stable > specification. But this does not seem to be a critical security issue. > What am I missing? > If a critical security issue is found with the old signatures, we would stop supporting them on ESR 68. That is why we can't guarantee to support the old signature through the end of life for ESR 68. With regards to compatibility, the new signatures are backwards compatible with older versions of Firefox. If we needed to stop supporting the old signatures, users would not be required to update to a newer version to continue using signed extensions. -- Caitlin Neiman Community Manager, Add-ons Mozilla
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
