info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
intent to ship: sha2 windows signing
73 views
Skip to first unread message
Aki Sasaki
Mar 17, 2021, 5:11:33 PM3/17/21
to dev-platform
Per https://bugzilla.mozilla.org/show_bug.cgi?id=1697185#c4 and
https://jira.mozilla.com/browse/RELENG-429 .
We haven't made a product-level decision here, but a) it looks like
timestamp.digicert.com may have silently EOLed sha1 timestamps since
Microsoft has EOLed sha1 signing years ago, and b) it may be the case that
changing the signature may only affect Windows 7 SP 0 users on first
install. I'm not 100% sure about the second point.
Should we continue testing and rolling out, or pause work here until we
make a product decision?
https://jira.mozilla.com/browse/RELENG-429 .
We haven't made a product-level decision here, but a) it looks like
timestamp.digicert.com may have silently EOLed sha1 timestamps since
Microsoft has EOLed sha1 signing years ago, and b) it may be the case that
changing the signature may only affect Windows 7 SP 0 users on first
install. I'm not 100% sure about the second point.
Should we continue testing and rolling out, or pause work here until we
make a product decision?
Aki Sasaki
Mar 18, 2021, 2:31:59 PM3/18/21
to dev-platform
Per https://jira.mozilla.com/browse/RELENG-431, backwards compatibility
with win7 sp0 may not be a big issue, though I'm happy to delay rollout if
there are any additional concerns. I've linked sha2-signed artifacts in
that ticket; we may want to have a QA pass before we decide to roll out.
with win7 sp0 may not be a big issue, though I'm happy to delay rollout if
there are any additional concerns. I've linked sha2-signed artifacts in
that ticket; we may want to have a QA pass before we decide to roll out.
0 new messages