Confirm
394
edits
Changes
no edit summary
==Multiple Signatures and signing from multiple parties==
A MAR file can be signed by at most 8 different parties. The actual limit is defined in `modules/libmar/src/mar.h` with `MAX_SIGNATURES`.
To support multiple parties signing a MAR file, one party can export their MAR file's signature and send it to the 2nd party to import it into that party's already signed MAR file.
This model of not using NSS everywhere was decided early on because it wasn't wanted for an NSS bug to stop updates from working.
Technically there's also a problem with us not building NSS as a static library as well making updates using NSS harder.
==Where MAR verification happens==
MAR verification is always done for Firefox updates in Windows. It happens in the updater binary, even if the Mozilla Maintenance service is used.
As of Firefox 40, MAR verification is enabled on OS X too.
MAR verification is currently disabled by default on Linux due to some shared library errors because of the dynamic link to NSS.
