[Project_owners] signed XPI files
paul at paultomlin.com
Fri Oct 21 18:08:13 EDT 2005
Eric Jung wrote:
> Does anyone know how to sign a XPI file? I'd heard the Yahoo! Search
> Bar extension for Firefox was signed.
But to add more to the discussion, would it be seen as valuable and/or
possible to do this via mozdev?
Some form of code review possibly warranted to ensure no nastiness (I
recall a previous discussion on similar grounds), the exact machanism
for which I couldn't say.
But, maybe an automated system whereby a request from an author for a
signed package of a particular CVS tag could start a swathe of testing
:) followed by voting and a generated XPI if all goes well.
Initial testing might be lengthly (AMO is currently some 130+ extensions
in the initial submission queue - due to longer initial review) but
updates might be easier since diffing the CVS would show changes. By
using the CVS tree we can ensure what is built is what's there, it's not
code delivered by the author, the system simply extracts it from CVS on
Small PayPal-esque fee to cover cert costs? Though that might discourage
frequent requests to the detriment of speeding the review (larger diff
== more time). And certs aren't that pricey.
Not sure myself. Would I pay, probably $10, if I thought that people
would care. So far they haven't but you never know. OTOH, if someone
really cared I could do it, special like, for a little more than $10 ;)
More information about the Project_owners