[Project_owners] newbie question: how do secure updates for FF 3.0 work?
Douglas E. Warner
silfreed at silfreed.net
Fri Feb 15 12:49:55 PST 2008
On Friday 15 February 2008, Godmar Back wrote:
> It seems to me that there may be a number of projects hosted on
> mozdev.org that may face the same issue. Am I misreading the
> instructions? Is there really no way to make existing add-ons
> compatible so that they can be automatically updated?
Right now the best thing you can do is being using McCoy [1] to sign your
update manifests and add the updateHash to your files. This will allow you
to serve your update.rdf files from http sites securely and provide automatic
updates.
Another alternative is to add your XPIs to addons.mozilla.org; these provide
https downloads of update.rdf files so they can provide secure, automatic
updates as well.
At Mozdev.org we're working on providing a way for project owners to host
secure updates here. We are currently working on allowing secure installs
using InstallTrigger (bug#17302 [2]). Another step would be for Mozdev to
autogenerate update.rdf files (bug#18526 [3]), but this is currently not on
the roadmap. Mozdev.org would be able to serve this update.rdf file from a
secure location which would allow for secure, automatic updates through
FireFox 3 as well.
If you'd like to see any of our roadmap priorities changed or rearranged, let
us know.
-Doug
[1] http://wiki.mozilla.org/McCoy
[2] http://bugzilla.mozdev.org/show_bug.cgi?id=17302
[3] https://www.mozdev.org/bugs/show_bug.cgi?id=18526
--
Douglas E. Warner <silfreed at silfreed.net> Site Developer
Mozdev.org http://www.mozdev.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://www.mozdev.org/pipermail/project_owners/attachments/20080215/6e6d7d59/attachment.bin
More information about the Project_owners
mailing list