On Mon, Aug 11, 2014 at 05:09:11PM -0700, yan wrote: > Hi all, > > I made an experimental release of HTTPS Everywhere Firefox 4.0.0 last > week, and it's up at > https://www.eff.org/files/https-everywhere-4.0.0.xpi. PGP signature > (with my personal GPG key): > https://www.eff.org/files/https-everywhere-4.0.0.xpi.sig. > > I haven't officially released this as a stable update, because signature > verification on the update metadata file [1] has been unsuccessful for > some unknown reason. > > [1] https://www.eff.org/files/https-everywhere-update-2048-4.0.0.rdf
I did some experimenting on this, and concluded that the problem is something to do with the Firefox on Android stanza in that rdf file. I don't yet know if the problem is in Uhura's signing code, the Mozilla verification code, or some subtle typo, though I was able to reproduce the problem with the Firefox on Android stanza in two different places and with an HTTPSE update.rdf file too. This other update.rdf works: https://eff.org/files/https-everywhere-4.0.0-resigned.rdf So it's currently live for stable-branch desktop users. But users on Android can't update on it, unfortunately :/ > On a tangential note, I'm officially leaving EFF after I send this > email, since it's my last day here. But I'll still help out with HTTPS > Everywhere, at least until Zack's GSoC work is finished. :) We're missing you already! -- Peter Eckersley [email protected] Technology Projects Director Tel +1 415 436 9333 x131 Electronic Frontier Foundation Fax +1 415 436 9993 _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
