5 years ago Requirements: * We need to be able to verify the bits to a Mozilla-trusted source (Mozilla update server) * We expect the plugin API to change for a while yet, and so we're going to need to serve different Cisco plugins to different release channels * It would be nice to be able to issue out-of-band updates to the plugin that didn't require a full Firefox respin. This may not be a 100% requirement, if we're willing to respin a Firefox dot-release. * After somebody updates Firefox, they may have an 'old' OpenH264 plugin and we need to decide whether it's ok to keep using it or not (blocklisting, perhaps a separate bug). 5 years ago The manifests will be handled through AUS. Here is the schema that I proposed that we should use a spec or strawman: If there is a Firefox update available, minimum requirement:. NPM wrapper for installing phantomjs. SlimerJS runs on Gecko, the browser engine behind Mozilla Firefox, and aims to be. Installation fails with spawn ENOENT. Walkthrough for resident evil 5 pc 2. Do you live in China, or a country with an authoritarian government? Turning off strict-ssl leaves you vulnerable to attackers reading your encrypted traffic,. Real traffic spawn install firefox 0 Comments Read Now. Real traffic spawn install firefox ADD-ON FOR ALL - Take control of your web experience. If there is a Firefox update available, we could provide an advisory download for the new OpenH264 version. This is NOT a v1 requirement: rstrong if I'm reading and 1716 correctly, having the extra toplevel element will not affect existing clients. Can you confirm? 5 years ago We investigated adding this to AMO (addon update), blocklist, PFS, AUS, and a separate ping. As it stands, the requirement that this be able to ride trains and be tightly coupled to Firefox releases even though it is a separate product led me to the conclusion that AUS is the right choice. AMO doesn't have the concept of release channels and doesn't really have any active developers. A separate ping would be ok, but both I and the privacy team would very much like to avoid new pings if they aren't necessary. It appears to me that the risk of adding this to the AUS ping can be well-contained. We'll just need to code a little defensively. 5 years ago Since this is the first I have heard about it I want to consider this further. We code very defensively for app update but as you have seen we are loosing around 2% of users per release without a clear reason as to why. Adding this could easily further complicate that even with coding defensively. A couple of concerns off the top of my head. We have already moved away from verifying the ssl certificate of AUS on Windows and will be doing the same on Mac and Linux soon. We did this since there are edgecases (you emailed me about the proxy server edgecase) and I do not want to reintroduce that since it prevents people from updating. The blocklist service understands channels. Also, app update can be disabled with Firefox UI whereas the blocklist can only be disabled via hidden prefs. There is nothing that app update has for verifying this payload beyond the simple hash check after download which is not robust which is why mar signing has been implemented on Windows and is almost finished for Mac and Linux.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |