canmove, Confirmed users
1,570
edits
Extension Manager:Addon Update Security: Difference between revisions
Jump to navigation
Jump to search
Extension Manager:Addon Update Security (view source)
Revision as of 02:32, 30 June 2007
, 30 June 2007→Proposed Implementation
| Line 67: | Line 67: | ||
* Need to spec out precisely what the signature is signing. | * Need to spec out precisely what the signature is signing. | ||
=== Covering Compromises === | |||
Both of the methods for securing update manifests require that the add-on author keep their signing key or ssl private key secure. The ssl method also requires that the add-on author continues to be the owner of the domain name the manifest is hosted from. | |||
In the event that the author loses the domain the ssl site is hosted from or they believe that their ssl certificate or signing key have become compromised then they should notify Mozilla immediately so that appropriate steps can be taken. | |||
=== Non-conforming Add-ons === | === Non-conforming Add-ons === | ||