Gervase Markham wrote: > Nelson B wrote: >> This scheme is intended to make code signatures unnecessary. (Someone >> at mozilla is allergic to code signing, evidently.) But at the cost that >> mozilla must be given the new hashes for any new addons and any new >> updates >> to addons. > > Not allergic; we don't want to accept sucky code-signing certs, and we > don't want app authors to have to pay lot of money for non-sucky ones.
I agree. *Therefore* Mozilla.org need to have it's own code signing authority, and only accept code signed by it. You have all the competence needed on this group to help you set it up. _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
