On Thu, Feb 12, 2015 at 07:07:34PM +0100, Reindl Harald wrote:
Am 12.02.2015 um 18:53 schrieb Simo Sorce:
>>Maybe it is only about preventing people from bundling the official
>>Firefox version with dodgy add-ons. Not downright malware, but things
>>users may not actually want without realizing it. The signature
>>checking means that those who prepare the downloads can no longer use
>>the unmodified upstream binary. Which in turn might force them not to
>>use Mozilla brands.
>>
>>Maybe this is a bit far-fetched, but after hours of staring at other
>>people's code today, it seems pretty reasonable to me.
>>
>>But what do add-on developers do? Surely there is a way to disable this
>>somehow?
>
>Mozilla stated they will have to use the Developer Version (Aurora was
>the name ?) or the nightlies ...
than Fedora needs to switch to the developer version if that *really* can't
be disabled via about:config - that is a unacceptable restriction until
hmtlvalidator, livehttpheaders and friends are available sigend via the
mozilla page
any news on that on our side? From firefox-devel I gather that the "feature"
will land exactly as anounced.
There will be no configurable option for the user or sysadmin to allow loading
of plugins not signed by mozilla - be it Fedora signed plugins or my personal
bunch of homebrown locally built plugins.
So I think Fedora could provide 2 Firefox packages:
* firefox-official with all restrictions
* unbranded-firefoxlike-browser which is almost identical but without said
restrictions
Richard
--
Name and OpenPGP keys available from pgp key servers