[libvoikko] Mozvoikko needs to be signed and reviewed at addons.mozilla.org
hatapitk at iki.fi
Tue Aug 18 22:10:04 EEST 2015
On Tuesday 18 August 2015 17:20:34 Timo Jyrinki wrote:
> Starting with Firefox 41, mozvoikko would need to be signed by the
> developer and reviewed at addons.mozilla.org. See downstream bug
> report: https://bugs.launchpad.net/ubuntu/+source/mozvoikko/+bug/1482219
Thanks for letting us know!
> Mozilla's instructions are at
> Another extension http://pad.lv/1482346 was reportedly already fixed
> "in the builds" (in a firefox-next package archive). When I asked
> Chris about the details on #ubuntu-devel, he had this to say:
> 20150818|15:11 < chrisccoulson> the addon needs to be reviewed and
> signed by the addons.mozilla.org team. The developer needs to do that
> I didn't get a further reply though so I'm not sure if the new Firefox
> builds in Ubuntu then automatically allow any identical-to-addons.m.o
> extension when it has been signed on the addons site. But I don't see
> any indication that the downstream extension in question would have
> been modified, so maybe this is the case that signing at addons would
> only be needed.
I really don't know yet how this will work. In theory for signing to be
effective the signature would need to cover at least all code used by the
extension and perhaps other resources too. And the problem is that the
be the same but it calls native code that is platform dependent and cannot be
the same on Windows and Linux. The native code can do anything so if the
signature does not cover that it would defeat the purpose of signing.
Additionally there is one question and answer at
https://wiki.mozilla.org/Addons/Extension_Signing that is understandable but
perhaps a bit problematic for Linux distributions:
* Will I need to sign the custom version of an existing add-on I created with
my own code changes, locale additions, etc.?
- If you use it on Release or Beta, yes. You will also need to change the
add-on ID in order to submit it for signing.
Since Mozvoikko has already been submitted to addons.mozilla.org (by Marko
Wallin) I understand that nobody else can get a signature for an extension
with the same identifier. So if for example I would want to sign my own
version of Mozvoikko I would need to change the identifier.
If this interpretation is correct we perhaps need to make the extension
identifier easily configurable. This is not a difficult thing to do but I
would first want to know if it is really needed. There is very little
information available at the moment it seems.
More information about the Libvoikko