Hello,

Yes this could be definitely a fix as long as you have a way to identify
that the file comes from the package manager and is unaltered.

2015-11-06 23:05 GMT+01:00 Benjamin Drung <bdr...@debian.org>:

> Am Freitag, den 06.11.2015, 20:06 +0100 schrieb Julien Aubin:
> > As of Firefox 44 / Iceweasel 44 unsigned plugins won't be allowed
> > anymore. Currently the Adblock Plus package in Debian archive (and
> > actually every other XPI plugin) are not signed. So could you please
> > fix this before Firefox 44 / Iceweasel 44 ships ?
>
> How should that work?
>
> We build all packages from source and require the power to change the
> code (e.g., for bug or security fixes). The signing key needs to be
> accessible when building. So should we create a signing key and add
> that to the package? That would defeat the purpose.
>
> IMO Iceweasel should trust the package manager and what it installs
> into the system.
>
> --
> Benjamin Drung
> Debian & Ubuntu Developer
>
>
>
_______________________________________________
Pkg-mozext-maintainers mailing list
Pkg-mozext-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-mozext-maintainers

Reply via email to