Opened 3 years ago

Last modified 4 months ago

#21922 new defect

Add our reasoning for dealing with the XPI signing to our design document

Reported by: gk
Owned by: tbb-team
Priority: Medium
Milestone:
Component: Applications/Tor Browser
Version:
Severity: Normal
Keywords: tbb-spec
Cc: mcs, brade
Actual Points:
Parent ID: #25021
Points:
Reviewer:
Sponsor:

Description

We failed to explain how we deal with the code-signing requirement for our own extensions. We should have that in our design document, I think.

Change History (2)

comment:1 Changed 3 years ago by mcs

Cc: mcs brade added

comment:2 Changed 4 months ago by gk

Parent ID: #25021

Should be straightforward to add this under "Other Security Measures". Nowadays this only affects HTTPS Everywhere. We should point out why we want to use EFF's signature here and could generally point out our efforts trying to just ship the extensions via our own in-browser update mechanism and not via AMO/external auto-updating.
