Simplify or automate signing of Jetpack XPIs
Status
Simplify signing XPIs in Jetpack | |
Stage | Draft |
Status | ` |
Release target | Jetpack Future |
Health | OK |
Status note | Investigating what signing of XPIs gets us. |
{{#set:Feature name=Simplify signing XPIs in Jetpack
|Feature stage=Draft |Feature status=` |Feature version=Jetpack Future |Feature health=OK |Feature status note=Investigating what signing of XPIs gets us. }}
Team
Product manager | Dave Mason |
Directly Responsible Individual | ` |
Lead engineer | ` |
Security lead | ` |
Privacy lead | ` |
Localization lead | ` |
Accessibility lead | ` |
QA lead | ` |
UX lead | ` |
Product marketing lead | ` |
Operations lead | ` |
Additional members | ` |
{{#set:Feature product manager=Dave Mason
|Feature feature manager=` |Feature lead engineer=` |Feature security lead=` |Feature privacy lead=` |Feature localization lead=` |Feature accessibility lead=` |Feature qa lead=` |Feature ux lead=` |Feature product marketing lead=` |Feature operations lead=` |Feature additional members=` }}
Open issues/risks
`
Stage 1: Definition
1. Feature overview
Currently, addon authors that want to sign their XPIs to self-host their extensions need to generate the XPI file, extract the install manifest, sign the manifest, put it back into the XPI, generate the hash of the XPI, add the hash to the update manifest, sign it, and then verify that everything works.
It would be nice if there was a way in the SDK to automate or simplify at least part of this process.
2. Users & use cases
Users who want to self-host their addons without paying for an SSL certificate to prove identity.
3. Dependencies
`
4. Requirements
`
Non-goals
`
Stage 2: Design
5. Functional specification
`
6. User experience design
`
Stage 3: Planning
7. Implementation plan
`
8. Reviews
Security review
`
Privacy review
`
Localization review
`
Accessibility
`
Quality Assurance review
`
Operations review
`
Stage 4: Development
9. Implementation
`
Stage 5: Release
10. Landing criteria
` {{#set:Feature open issues and risks=` |Feature overview=Currently, addon authors that want to sign their XPIs to self-host their extensions need to generate the XPI file, extract the install manifest, sign the manifest, put it back into the XPI, generate the hash of the XPI, add the hash to the update manifest, sign it, and then verify that everything works.
It would be nice if there was a way in the SDK to automate or simplify at least part of this process. |Feature users and use cases=Users who want to self-host their addons without paying for an SSL certificate to prove identity. |Feature dependencies=` |Feature requirements=` |Feature non-goals=` |Feature functional spec=` |Feature ux design=` |Feature implementation plan=` |Feature security review=` |Feature privacy review=` |Feature localization review=` |Feature accessibility review=` |Feature qa review=` |Feature operations review=` |Feature implementation notes=` |Feature landing criteria=` }}
Feature details
Priority | Unprioritized |
Rank | 999 |
Theme / Goal | ` |
Roadmap | Jetpack |
Secondary roadmap | Jetpack |
Feature list | Jetpack |
Project | ` |
Engineering team | Jetpack |
{{#set:Feature priority=Unprioritized
|Feature rank=999 |Feature theme=` |Feature roadmap=Jetpack |Feature secondary roadmap=Jetpack |Feature list=Jetpack |Feature project=` |Feature engineering team=Jetpack }}
Team status notes
status | notes | |||||||||
Products | ` | ` | ||||||||
Engineering | ` | ` | ||||||||
Security | sec-review-needed |
1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%); |
||||||||
Privacy | ` | ` | ||||||||
Localization | ` | ` | ||||||||
Accessibility | ` | ` | ||||||||
Quality assurance | ` | ` | ||||||||
User experience | ` | ` | ||||||||
Product marketing | ` | ` | ||||||||
Operations | ` | ` |
{{#set:Feature products status=`
|Feature products notes=` |Feature engineering status=` |Feature engineering notes=` |Feature security status=sec-review-needed |Feature security health=Blocked
|Feature security notes=
ID | Summary | Priority | Status |
---|---|---|---|
761810 | SecReview: Simplify signing XPIs in Jetpack | -- | RESOLVED |
1 Total; 0 Open (0%); 1 Resolved (100%); 0 Verified (0%);
|Feature privacy status=` |Feature privacy notes=` |Feature localization status=` |Feature localization notes=` |Feature accessibility status=` |Feature accessibility notes=` |Feature qa status=` |Feature qa notes=` |Feature ux status=` |Feature ux notes=` |Feature product marketing status=` |Feature product marketing notes=` |Feature operations status=` |Feature operations notes=` }}