canmove, Confirmed users
1,220
edits
Security/Reviews/B2GUpdates: Difference between revisions
no edit summary
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) No edit summary |
||
| Line 15: | Line 15: | ||
**https://bugzilla.mozilla.org/show_bug.cgi?id=797477 | **https://bugzilla.mozilla.org/show_bug.cgi?id=797477 | ||
*Libmar changes to support multiple sigs: **https://bugzilla.mozilla.org/show_bug.cgi?id=792452 | *Libmar changes to support multiple sigs: **https://bugzilla.mozilla.org/show_bug.cgi?id=792452 | ||
**https://bugzilla.mozilla.org/show_bug.cgi?id=783638 | |||
*Background information on the MAR file format: https://wiki.mozilla.org/Software_Update:MAR and how signing currently works before | |||
}} | }} | ||
{{SecReview | {{SecReview | ||
| Line 48: | Line 50: | ||
*42 weeks (ESR) > update cycle > 6 weeks (Firefox) | *42 weeks (ESR) > update cycle > 6 weeks (Firefox) | ||
*Current proposal is 18 weeks | *Current proposal is 18 weeks | ||
Integrity checking: | Integrity checking: MAR Signing as above & Gaia apps also signed as per packaged apps. | ||
Update server(s): Not decided yet.<br> | Update server(s): Not decided yet.<br> | ||
Delivery: Updates will be provided over a private APN. (Wifi? Download to PC then USB update?) <br> | Delivery: Updates will be provided over a private APN. (Wifi? Download to PC then USB update?) <br> | ||
| Line 63: | Line 62: | ||
##b2g process is restarted | ##b2g process is restarted | ||
##in case of error the device is rebooted (not normally required though) | ##in case of error the device is rebooted (not normally required though) | ||
|SecReview alt solutions=- Why three signatures? | |SecReview alt solutions=- Why three signatures? | ||
* support for contractual relationships | * support for contractual relationships | ||