Nelson B schrieb: > Paul "suckerformimi" wrote: >> I've seen this asked many times, but I haven't seen any solutions >> posted. >> >> What zip utility can I use under windows to create a signed XPI? >> I can't find any that let me control the order of the files. > >> Also, what's the easiest way to tell whether my XPI is properly signed? >> Is there an NSS utility that does this? > > Signtool will tell you if your file is a valid JAR file, but will not > check that it is also a valid XPI file. Ultimately, FireFox or SeaMonkey > themselves are the best test tools for XPI files. >
BTW how often is signing of xpi's activly used be developers? I haven't seen a single signed xpi in yet. It's just Fx/Mozilla giving me a big red "not signed" warning every time I install an extension. I think it would give the whole extension system a lot more credibility if more of them would be signed. Making signing easier would be one step. Giving developers signatures with some prove of authenticity would be the other. Jan _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
