Yes this could be definitely a fix as long as you have a way to identify
that the file comes from the package manager and is unaltered.
2015-11-06 23:05 GMT+01:00 Benjamin Drung <bdr...@debian.org>:
> Am Freitag, den 06.11.2015, 20:06 +0100 schrieb Julien Aubin:
> > As of Firefox 44 / Iceweasel 44 unsigned plugins won't be allowed
> > anymore. Currently the Adblock Plus package in Debian archive (and
> > actually every other XPI plugin) are not signed. So could you please
> > fix this before Firefox 44 / Iceweasel 44 ships ?
> How should that work?
> We build all packages from source and require the power to change the
> code (e.g., for bug or security fixes). The signing key needs to be
> accessible when building. So should we create a signing key and add
> that to the package? That would defeat the purpose.
> IMO Iceweasel should trust the package manager and what it installs
> into the system.
> Benjamin Drung
> Debian & Ubuntu Developer
Pkg-mozext-maintainers mailing list