Why only 4 certificates on the list?

2007-06-21 Thread telediario
I don't know why there are only 4 certificates on the user certificate list when I use window.crypto.signText. I have 5 certificates installed in my Firefox and I can see all of them from the Tools --> Options --> See certificates, but when the certificate's selection dialog appears it only shows 4

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Nils Maier
Nelson B wrote: > As I understand it, presently the downloads of mozilla addons are > validated not with code signatures but by the following method: > A hash of the file is stored on an https server operated by mozilla, > the actual file may be downloaded from anywhere, by any means including >

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Nelson B
Kai Engert wrote: > Nelson B wrote: >> Dave Townsend wrote: >> >>> Nelson Bolyard wrote: >>> $18/year is too expensive, eh? >>> Heh, this is true. My attempts to find cheap SSL certificates had only >>> yielded $100/per year jobs. Given that they are not that expensive I

Re: nss and mozilla database

2007-06-21 Thread Kaspar Brand
> I created a self-signed certificate and put it into my ~/.ca database. > I used signtool -G to create it, so I have a private key and > x509.cacert. This is the output with certutil -L > testcert u,u,Cu > > I load the x509.cacert into my ~/.xula

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Nils Maier
Dave Townsend wrote: > Nils Maier wrote: >> Addressing Dave's demand for proposals: > > Sorry but I didn't actually demand proposals. I gave one and asked for > opinions on it. I am of course open to other proposals and a few have > been given. > >> If there is no workable solution then don't i

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Dave Townsend
Nils Maier wrote: > Addressing Dave's demand for proposals: Sorry but I didn't actually demand proposals. I gave one and asked for opinions on it. I am of course open to other proposals and a few have been given. > If there is no workable solution then don't implement one. As far as I can tell

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Nils Maier
Dave Townsend wrote: > Gervase Markham wrote: >> Dave Townsend wrote: >>> Some examples that I have heard (or experienced myself): >>> >>> Long review times leading to slow updates for the users. >>> Dissatisfaction with the new Sandbox. >>> Poor download statistics. >>> Restrictions on what kind

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Dave Townsend
Gervase Markham wrote: > Dave Townsend wrote: >> Some examples that I have heard (or experienced myself): >> >> Long review times leading to slow updates for the users. >> Dissatisfaction with the new Sandbox. >> Poor download statistics. >> Restrictions on what kind of add-ons they will host. >> R

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Eddy Nigg (StartCom Ltd.)
Gervase Markham wrote: > > The question is: how much harder is "harder"? Anyone can write an > extension and make it available for free to the world today, paying not > a penny. OK, so the service isn't instantaneous, and they don't get > great stats. But it's free! > Gerv, I think stats is s

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Eddy Nigg (StartCom Ltd.)
Gervase Markham wrote: > OK. So instead of using our resource to fix these things, we are fixing > the problem that they can't afford $40 for SSL hosting? > > a.m.o. isn't the best thing, but it's free. Hosting your own with SSL > isn't free, but it gives you more flexibility. I really think the

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Gervase Markham
Dave Townsend wrote: > Yes that plan allows everyone to host, however we are forcing them down > a path they previously didn't want, i.e. hosting on AMO, or paying for > the privilege of writing extensions. > > Don't get me wrong, I would almost love it if this was the chosen route, > it's a pi

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Gervase Markham
Dave Townsend wrote: > Some examples that I have heard (or experienced myself): > > Long review times leading to slow updates for the users. > Dissatisfaction with the new Sandbox. > Poor download statistics. > Restrictions on what kind of add-ons they will host. > Restrictions on the application

Re: Proposal for improving the security of add-on updates

2007-06-21 Thread Gervase Markham
Kai Engert wrote: > Wouldn't he require an object-signing aka code-signing cert? Not as I understand it. We are talking about making sure that the downloaded file is the correct file, not making sure that the code is traceable back to a particular named individual. That's a separate issue. Gerv