On 01/02/2016 02:50 PM, Doug Newgard wrote:
> On Sat, 2 Jan 2016 15:35:01 -0700 Leonid Isaev <leonid.isaev@jila.colorado.edu> wrote:
>> On Sat, Jan 02, 2016 at 02:06:05PM -0800, Kyle Terrien wrote:
>>> Thank you! I was tempted to reopen it, but it looks like the general consensus is that an AUR package will be submitted.
>> You can only request to reopen...
> And that request would be denied unless you can bring new info to the table. So far, I haven't seen any.

The new info I have is that Mozilla is creating a walled garden. There is no way to override it besides rebuilding Firefox. The Fedora bug report I pointed at earlier [0] compares this to package signing in RPM (or in our case pacman). The difference with package signing is that a user can add his own key and use that key to sign packages. In Firefox 44, you can do no such thing. You are at Mozilla's mercy. And Mozilla's add-on checker isn't perfect either [1].

These two reasons are why I believe that Mozilla's signature policy is a step in the wrong direction.

On the other hand, I fully understand why we would want to follow upstream--less work for packaging and testing, as well as official sanctioning via branding.

But I'm not affected much anyway because I'm on Pale Moon (using their official builds).

--Kyle Terrien

[0] https://fedorahosted.org/fesco/ticket/1518
[1] http://danstillman.com/2015/11/23/firefox-extension-scanning-is-security-the...