On 08/10/2015 01:35 PM, Claudio Moretti wrote: > Are they at least telling you why it keeps getting flagged? :/ Yep, the automatic validator is open source (https://github.com/mozilla/amo-validator) and its output is shown, error by error, in the AMO console.
They've not told us exactly which amo-validator warnings cause a manual review flag, but have offered to clarify that in future releases. The most likely candidate is that the SSL Observatory code accesses the ctypes global, which is necessary to access NSS in order to get certs to upload. It turns out the issue is not just maliciousness, but the fact that accessing ctypes is subtle and can cause extensions to be broken or slow in various ways. The goal of addon signing is not only to prevent malware, but to more generally clean up the addon ecosystem. So, hopefully a future release of amo-validator (and the associated AMO backend code) will be able to say "HTTPS Everywhere uses ctypes, and that's fine," and we can get signatures in an automated way, as the addon signing system was intended to work. _______________________________________________ HTTPS-Everywhere mailing list [email protected] https://lists.eff.org/mailman/listinfo/https-everywhere
