1292782 – mozilla-https-everywhere disabled by default in Firefox 43

Bug 1292782 - mozilla-https-everywhere disabled by default in Firefox 43

Summary: mozilla-https-everywhere disabled by default in Firefox 43

Keywords:
Status:	CLOSED NOTABUG
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	mozilla-https-everywhere
Sub Component:
Version:	23
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Russell Golden
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-12-18 10:34 UTC by Andre Robatino
Modified:	2016-03-25 08:22 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-03-25 05:00:07 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Andre Robatino 2015-12-18 10:34:27 UTC

Description of problem:
Firefox 43 disables unsigned extensions by default. Must go to about:config and toggle xpinstall.signatures.required to false to enable mozilla-https-everywhere.

Version-Release number of selected component (if applicable):
mozilla-https-everywhere-5.1.1-1.fc23.noarch
firefox-43.0-1.fc23.x86_64

How reproducible:
always

Comment 1 wintonian 2015-12-18 10:43:44 UTC

Just confirming the above and the suggested workaround.

Comment 2 Andre Robatino 2015-12-19 08:30:21 UTC

The xpinstall.signatures.required option is expected to not exist anymore in Firefox 44, scheduled for January 26 release, so this needs to be fixed by then.

Comment 3 Kevin Kofler 2015-12-20 01:47:44 UTC

This needs to be fixed in our Firefox packaging. This iOS-like DRM scheme is entirely incompatible with Free Software and unacceptable for Fedora. If Mozilla refuses to allow us to disable it, we need to go the Iceweasel route.

I am putting this to FESCo's attention.

Comment 4 Kevin Kofler 2015-12-20 02:02:51 UTC

https://fedorahosted.org/fesco/ticket/1518

Note that this CANNOT be fixed in this addon package without violating the Fedora policy that bans shipping binary blobs, and that the blobs are also not going to work on secondary architectures.

Comment 5 Trevor Cordes 2015-12-23 05:52:28 UTC

mozilla-adblockplus-2.6.11-1.fc22.noarch
mozilla-noscript-2.7-1.fc22.noarch

Are also disabled in the new firefox I just updated to tonight on F22.  This is going to bite a lot of people: anybody who uses a Fedora-packaged addon.

I didn't realize the problem was so nasty as to require DRM-ish schemes.  Does FF really want to go the route of being kicked out of Fedora??  If so, must be some ulterior motive.

Comment 6 Russell Golden 2016-02-25 17:34:38 UTC

... You can't be serious. I keep the EFF signature. The build is just a straight unzip of the XPI into the firefox global extension directory, then symlink to seamonkey's.

Is that not enough? Or is Mozilla only going to allow AMO signatures?

Comment 7 Russell Golden 2016-02-25 18:03:57 UTC

Just tried 5.1.4, which actually has the EFF signature, in F22 with Firefox 44. The EFF signature isn't enough. Mozilla's info page does not mention that it must be signed *by Mozilla.*

I can understand the security reasons, but Chrome and iOS come under fire for this. Why do people jailbreak iPhones? Because they want to install stuff that doesn't have Apple's blessing.

Geez, Mozilla. What happened to coding for the users?

Comment 8 Andre Robatino 2016-03-25 05:00:07 UTC

With firefox-45.0.1-2.fc23, the extension is enabled by default (even with xpinstall.signatures.required set to the default true).

Comment 9 wintonian 2016-03-25 08:22:15 UTC

(In reply to Andre Robatino from comment #8)
> With firefox-45.0.1-2.fc23, the extension is enabled by default (even with
> xpinstall.signatures.required set to the default true).

here has been some sort of agreement to enable Fedora to patch it.

https://fedorahosted.org/fesco/ticket/1518#comment:127

Note You need to log in before you can comment on or make changes to this bug.