[tor-bugs] #26127 [Applications/Tor Browser]: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 18 16:07:08 UTC 2018
#26127: Make sure Torbutton and Tor Launcher are not treated as legacy extensions
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Very High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: ff60-esr | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Changes (by gk):
* keywords: => ff60-esr
Comment:
Replying to [comment:1 tom]:
> I was nervous about this, so I checked with aswan.
>
> This pref just changes the UI, so that's okay.
>
> TB will (probably) want to build with MOZ_REQUIRE_SIGNING enabled;
otherwise users can install legacy extensions at will.
Yes.
> When we bake a new certificate into the browser to sign our own legacy
extensions, we'll need to set the OU to match what's in
https://searchfox.org/mozilla-
central/source/toolkit/mozapps/extensions/internal/XPIInstall.jsm#941 to
make sure it gets the correct treatment.
Good point. I think the signing bits are for #22971, though (even though
it seems we need to slightly repurpose that bug).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26127#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list