> You're right. I was considering addons.mozilla.org as the canonical > source of the xpi, but still, that can be owned too. In fact, I just > got a message from them informing me that they modified my torbutton > 1.2.3 xpi to prevent it from being listed as compatible with FF3.6. So > they see fit to randomly modify the xpis too. Wonder what would happen > if I did have a code signing cert..
Wow, that sounds quite scary. Ok, probably it's no big deal for any addon that is not security-centric, but it's still not nice to arbitrarily modify someone else's code. > I've posted the gpg sigs for 1.2.2, 1.2.3 and 1.2.4 at: > https://www.torproject.org/torbutton/releases/ Thanks! I love the Tor community for always keeping up with expectations. Paolo *********************************************************************** To unsubscribe, send an e-mail to [email protected] with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
