A brief history of code signing at Mozilla
Shipping large software to end-user devices is a complicated process. Shipping large software securely to end-user devices is even more complicated. Signing the things that ship to end-user devices is
Rather than require a Release Engineer to be around at the right moment, we adjusted our scripts so that they can be started ahead of time and are smart enough to know when all of the files they need to sign are ready. An important part of this change is the introduction of Chain of Trust, a significant security enhancement that, to this day, helps ensure that only authentic artifacts are signed. I don't think it would be possible to name everyone that contributed to this, but it took the ideas and efforts of tens, if not hundreds, of people to get to this point: release engineers, build system experts, security folks, and many others were all critical to getting us where we are today.