All extensions disabled due to expiration of intermediate signing cert

(bugzilla.mozilla.org)

1318 points xvector | 1 comments | 04 May 19 01:31 UTC | HN request time: 0.26s | source

Show context

Grue3 ◴[04 May 19 07:47 UTC] No.19825053[source]▶

>>19823701 (OP) #

What kind of idiot thought that the add-ons I have personally installed on my browser need to have a capability to be remotely disabled despite literally nothing being changed.

This is absolutely inexcusable. I want to see everyone being responsible for this "verified add-ons" fiasco fired from the team (after they roll it back of course).

replies(7): >>19825074 #>>19825084 #>>19825094 #>>19825120 #>>19825147 #>>19825255 #>>19825358 #

swalladge ◴[04 May 19 07:55 UTC] No.19825074[source]▶

>>19825053 #

Exactly. If me/firefox has verified the signature (or approved the download) when downloading or updating the addon, that should be all that's necessary. Why does firefox have to check signatures constantly?

replies(2): >>19825114 #>>19825160 #

1. hinkley ◴[04 May 19 08:17 UTC] No.19825160[source]▶

>>19825074 #

I worked on a code signing system a number of years ago and it was surprising the degree to which I had to rearrange the logic and the tool chain in order to get high code coverage on all the failure modes.

IIRC one of the tools wouldn’t let me work with expired certs. I can’t recall now whether I fixed that or made carts that expire in ten seconds and just waited it out.

Anyway, a number of people weren’t even sure why I was going through the trouble. It’s easier to get something wrong than it should be (super obtuse APIs) and you don’t always get enough support or pushback to get everything absolutely right.

↑