On Wed, Jul 19, 2017 at 5:02 PM, R Kent James <k...@caspia.com> wrote:
> On 7/19/2017 4:06 PM, David Keeler wrote: > >> [dev-apps-thunderbird and dev-apps-seamonkey cc'd, but please discuss on >> dev-platform] >> > ... > >> Given all this, the question is do we still need this second API? Does >> Thunderbird or SeaMonkey use it for any reason, or can we simplify the >> code-base, reduce build size, etc.? >> > > Thunderbird never implemented required code signing for addons, so I can't > imagine we would need the API that you want to remove. But there is a lot > of past history that I do not know, but I'm not sure who else would know > better. > "Required code signing" was not the point of the original question. David's email distinguishes between the method used to enforce extension signing in Firefox (which requires that extensions be signed by Mozilla) and the "second API" that verifies signatures against anything in the app's certificate store. As he says, that second verification method isn't used in Firefox but in other Gecko applications that use the old add-on install confirmation dialog, that dialog includes a note about the certificate (kind of like what's shown in the location bar when browsing with https). The question is about removing the code that powers that. -Andrew _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
