On Mon, Jan 4, 2016 at 12:37 PM, Robert Strong <rstr...@mozilla.com> wrote:
> > > On Mon, Jan 4, 2016 at 10:53 AM, Chris Peterson <cpeter...@mozilla.com> > wrote: > >> On 1/4/16 10:45 AM, Daniel Holbert wrote: >> >>> On 01/04/2016 10:33 AM, Josh Matthews wrote: >>> >>>> >Wouldn't the SSL cert failures also prevent submitting the telemetry >>>> >payload to Mozilla's servers? >>>> >>> Hmm... actually, I'll bet the cert errors will prevent Firefox updates, >>> for that matter! (I'm assuming the update-check is performed over HTTPS.) >>> >>> So there might be literally nothing we can do to improve the situation >>> for these users, from a changes-to-Firefox perspective. >>> >> >> On Windows, Firefox is updated by a background service (the Mozilla >> Maintenance Service). Will the SHA-1/spyware proxy breakage affect the >> background service? > > The maintenance service does not have network access and the update check > and download occur within Firefox itself. The update check and download has > already been addressed via several bugs. > I unintentionally made it seem that this would also handle the MITM case which is not handled by any of these bugs since app update just utilizes built-in Firefox networking. > > > Robert > > > >> _______________________________________________ >> dev-platform mailing list >> dev-platform@lists.mozilla.org >> https://lists.mozilla.org/listinfo/dev-platform >> > > _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
