[lug] FF Certificate Expiry vs. Good Practice
Jed S. Baer
blug at jbaer.cotse.net
Sat May 4 07:36:07 MDT 2019
I got smacked by this Firefox debacle yesterday, and of course, had no
idea why my extensions suddenly quit working, especially since I hadn't
done an upgrade, nor even stopped/restarted my browser. I discovered
that, contra Mozilla's claim that it wasn't there, the xpinstall config
item was present and usable, so I set that to false. Then, this AM I see
the /. thread.
https://news.slashdot.org/story/19/05/04/0457201/a-glitch-is-breaking-all-firefox-extensions
So, I'm not a modern 1337 h4X0r like the FF devs, so I guess I don't get
the part about the certificate being "built into" the browser. Does that
mean hard-coded?
It it's hard-coded, than that means that when it expires, the only fix is
to patch it? I guess I can sorta grok some thinking there, that if it's
hard-coded, it's harder to tamper with it. There must be a better way, no?
More information about the LUG
mailing list