Bug 41668 (part 1): Split 13379 again, and a couple of improvements on it

Merge Info

Related Issues

Backport Timeline

  • Immediate - patchsets for critical bug fixes or other major blocker (e.g. fixes for a 0-day exploit) OR patchsets with trivial changes which do not need testing (e.g. fixes for typos or fixes easily verified in a local developer build)
  • Next Minor Stable Release - patchset that needs to be verified in nightly before backport
  • Eventually - patchset that needs to be verified in alpha before backport
  • No Backport - patchset for the next major stable

Upstream Merging

  • Merge to base-browser - typically for !fixups to patches in the base-browser branch, though sometimes new patches as well
    • NOTE: if your changeset includes patches to both base-browser and tor-browser please please make separate merge requests for each part
    • I'd merge only the NSS part for now

Issue Tracking

Change Description

Bug 19121 at a certain point was squashed into the commit we now know as Bug 13379.

This MR splits the two commits again, and adds some improvements to the commits:

  • using NSS for the MAR signatures is now a compile-time option (I hope Mozilla uplifts this patch);
  • the digest is converted to hex in a more modern fashion 🙂.

I think we should keep my fixups unsquashed from the MR, because they are the commits that actually make the changes, the rest are just shuffling code around.

Also, more importantly: I propose keeping the hash check only on Tor Browser.

I think Mozilla was right enough in saying that checking an update signature is enough, and you don't need to check both the hash and the signature.

I think we should discuss this before moving the change also to the other browsers, because once it is enabled you need a watershed to disable it.
