On Thu, Jan 07, 2016 at 11:06:35AM -0700, Chris Murphy wrote:
Mozilla provides an API to sign extensions outside from their infrastructure. It's our infrastructural decision (correctly in my opinion) that prohibits this type of implementation.
Why is it OK for Fedora infrastructure to sign the bootloader, the kernel, and kernel modules, but not application extensions?
I don't think that's the question. The problem is that there isn't a way for us to sign them -- the above is just an API for Mozilla to sign them over the network, right?