New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 1780787 - signingscript: remove digicerthack #584
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me based on the fact that we're just reverting commits and based on the thorough explanation in bug 1780787 comment 1.
Do we have a way to test this on try and nightly first? If we could make this change ride the trains, that would give us some leeway to ensure the timing is right and we don't break anything. That said, I'm not going to block on this 🙂
0a8c7e0
to
dad19ea
Compare
There's a few things we could do. Off the top of my head:
It all depends on the amount of effort we want to spend vs the risk. I'm reasonably comfortable landing this directly after the checks I've done, but I could be convinced to go for a more cautious approach. |
Thanks for thinking these options through, @jcristau! To me, the third one is the most pragmatic. We can test this on the Nightly population without landing many patches in various places. |
dad19ea
to
bbd03d7
Compare
…780787) (mozilla-releng#588)" This reverts commit 75e90ad.
…ix files (mozilla-releng#512)" This reverts commit ad2baab.
…fox (mozilla-releng#511)" This reverts commit 4baf701.
This reverts commit c40a9c6, except for the tox.ini part removing python 3.8 testing.
…thenticode signature" This reverts commit 16ed370.
bbd03d7
to
df3ca59
Compare
DigiCert's timestamp server now includes an intermediate in its response that serves our purposes (chains to a root that's included in Windows 7), so we don't need to mess with the certificates ourselves anymore.