<html><head><meta http-equiv="Content-Type" content="text/html charset=iso-8859-1"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><blockquote type="cite"><div text="#000000" bgcolor="#FFFFFF">In talking in #packagedapps, a group of us have discovered a potential conflict of objectives of meeting "zero" tef+ blockers by Feb 15th and producing a MWC golden build for FF OS demos by this Friday. </div></blockquote><div><br></div>These are two separate goals. For MWC, we should be using a developer-built image so that last minute changes (like a swap of certs) can be made to the demo images.<div><br></div><div><blockquote type="cite"><div text="#000000" bgcolor="#FFFFFF">When should we switch over to the production certs taking into account the problem and risk stated above?<br></div></blockquote><div><br></div>If we're really trying to avoid a developer-built image w/ fixes, why not just land today?<br><div><br></div><div>-Alex</div><div><br><div><div>On Feb 12, 2013, at 6:04 PM, Jason Smith <<a href="mailto:jsmith@mozilla.com">jsmith@mozilla.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
<div text="#000000" bgcolor="#FFFFFF">
Hi B2G Release Drivers,<br>
<br>
In talking in #packagedapps, a group of us have discovered a
potential conflict of objectives of meeting "zero" tef+ blockers by
Feb 15th and producing a MWC golden build for FF OS demos by this
Friday. The problem in summary is the following:<br>
<br>
QA has a requirement that we have to produce a golden build for MWC
demos by this Friday for FF OS. However, we also have a tef+ blocker
(bug 822944) and related marketplace bugs (bug 819053 & bug
840782) that when landed, will change what certificate we check
against when we install a privileged packaged app. As a result, when
all three of these bugs have landed, if I grabbed an older build of
FF OS without the prod certs, you won't be able to install a
privileged app.<br>
<br>
The big potential risk in the following:<br>
<br>
The golden build QA signs off for FF OS does not include production
certs. However, we then land the three bugs to switch over the prod
certs. As a result, the golden build can no longer be used to
install privileged packaged apps. We would then need to generate new
builds containing the production certs to be able to install those
apps. However, generating a new build injects the risk that the
build hasn't been vetted for in QA signoff, resulting in quality
risks to various FF OS MWC demos.<br>
<br>
I'd like some insight to address the following question:<br>
<br>
When should we switch over to the production certs taking into
account the problem and risk stated above?<br>
<br>
Thoughts?<br>
<br>
References:<br>
<ul>
<li><a class="moz-txt-link-freetext" href="https://bugzilla.mozilla.org/show_bug.cgi?id=822944">https://bugzilla.mozilla.org/show_bug.cgi?id=822944</a> - Replace
marketplace cert with final version (with production key) = tef+<br>
</li>
<li><a class="moz-txt-link-freetext" href="https://bugzilla.mozilla.org/show_bug.cgi?id=819053">https://bugzilla.mozilla.org/show_bug.cgi?id=819053</a> - Create
public certificate for signing apps on prod = marketplace
related bug</li>
<li><a class="moz-txt-link-freetext" href="https://bugzilla.mozilla.org/show_bug.cgi?id=840782">https://bugzilla.mozilla.org/show_bug.cgi?id=840782</a> - Re-sign
apps once official cert is in place = marketplace related bug<br>
</li>
</ul>
<pre class="moz-signature" cols="72">--
Sincerely,
Jason Smith
Desktop QA Engineer
Mozilla Corporation
<a class="moz-txt-link-freetext" href="https://quality.mozilla.com/">https://quality.mozilla.com</a></pre>
</div>
_______________________________________________<br>B2g-release-drivers mailing list<br><a href="mailto:B2g-release-drivers@mozilla.org">B2g-release-drivers@mozilla.org</a><br>https://mail.mozilla.org/listinfo/b2g-release-drivers<br></blockquote></div><br></div></div></body></html>