Bug#804266: [Pkg-mozext-maintainers] Bug#804266: Please use signed plugins for Adblock Plus and so on

[Julien Aubin]

Hello,

Yes this could be definitely a fix as long as you have a way to identify
that the file comes from the package manager and is unaltered.

2015-11-06 23:05 GMT+01:00 Benjamin Drung :

> Am Freitag, den 06.11.2015, 20:06 +0100 schrieb Julien Aubin:
> > As of Firefox 44 / Iceweasel 44 unsigned plugins won't be allowed
> > anymore. Currently the Adblock Plus package in Debian archive (and
> > actually every other XPI plugin) are not signed. So could you please
> > fix this before Firefox 44 / Iceweasel 44 ships ?
>
> How should that work?
>
> We build all packages from source and require the power to change the
> code (e.g., for bug or security fixes). The signing key needs to be
> accessible when building. So should we create a signing key and add
> that to the package? That would defeat the purpose.
>
> IMO Iceweasel should trust the package manager and what it installs
> into the system.
>
> --
> Benjamin Drung
> Debian & Ubuntu Developer
>
>
>

Bug#804266: [Pkg-mozext-maintainers] Bug#804266: Please use signed plugins for Adblock Plus and so on

[Benjamin Drung]

Am Freitag, den 06.11.2015, 20:06 +0100 schrieb Julien Aubin:
> As of Firefox 44 / Iceweasel 44 unsigned plugins won't be allowed 
> anymore. Currently the Adblock Plus package in Debian archive (and 
> actually every other XPI plugin) are not signed. So could you please 
> fix this before Firefox 44 / Iceweasel 44 ships ?

How should that work?

We build all packages from source and require the power to change the
code (e.g., for bug or security fixes). The signing key needs to be
accessible when building. So should we create a signing key and add
that to the package? That would defeat the purpose.

IMO Iceweasel should trust the package manager and what it installs
into the system.

-- 
Benjamin Drung
Debian & Ubuntu Developer