Search Support

Beware of phishing attacks: Mozilla will never ask you to call a number or visit a non-Mozilla website. Please ignore such requests.

Learn More

No public key for Firefox funnelcake.

  • 5 ответов
  • 2 имеют эту проблему
  • 42 просмотра
  • Последний ответ от Mace2

more options

When I download the latest version of Firefox from "https://www.mozilla.org/en-US/firefox/all/#en-US" It downloads Funnelcake.Sha 512 9afd084156f5fda909cc51b2ebf539e75f788fa4c80b78445797ceb845041c0838e287493a0f849d1f357ecf7493efc1adabc786eb53b80fbeff6e433cbb2506

When I go to "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/" to verify via PGP I only see the the "Firefox 40.3.dmg.asc" but no public key like other releases. If I try to validate the "Firefox 40.3.dmg.asc" using the "Mozilla software release public key" it does not authenticate. But If I go to Firefox 40. it autheticates usung PGP and it has the public key in the folder "https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/40.0/" Anyone know why?

Изменено James

All Replies (5)

more options

Did some research, and got very hungry looking thru all those cakes.

http://community.norton.com/en/search/site/Funnelcake

You are not alone.

more options

Funnelcake builds are an experiment for (new) Firefox users that offer a different Firefox version for testing the user experience.

I don't think that there are checksums available for such special builds, they are only available for the official releases.

There are more such builds planned:

  • Bug 1202786 - Create funnelcake builds for OSX EN with a 2nd Tab at FirstRun.
  • Bug 1205743 - Create funnelcake builds for Firefox 41.0 to understand SEM acquired users
  • Bug 1184279 - Create funnelcake builds to test Firefox homepage variations

Please do not comment in bug reports
https://bugzilla.mozilla.org/page.cgi?id=etiquette.html

more options

Then why is there a Firefox 40.3.dmg.asc file which is a signature file used with PGP?

more options

OK, I missed the .asc file.

I see this on Linux in a terminal window with the KEY file present in the Firefox 40.0.3 release folder.

gpg --import <KEY
gpg: key D98F0353: public key "Mozilla Software Releases <release@mozilla.com>" imported
gpg: Total number processed: 1
gpg:               imported: 1  (RSA: 1)

gpg -v --verify "Firefox 40.0.3.dmg.asc"
Version: GnuPG v2.0.14 (GNU/Linux)
gpg: armor header: 
gpg: assuming signed data in `Firefox 40.0.3.dmg'
gpg: Signature made Tue 15 Sep 2015 12:47:04 AM CEST using RSA key ID 5E9905DB
gpg: using subkey 5E9905DB instead of primary key D98F0353
gpg: using PGP trust model
gpg: Good signature from "Mozilla Software Releases <release@mozilla.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 14F2 6682 D091 6CDD 81E3  7B6D 61B7 B526 D98F 0353
     Subkey fingerprint: F2EF 4E6E 6AE7 5B95 F11F  1EB5 1C69 C4E5 5E99 05DB
gpg: binary signature, digest algorithm SHA1
more options

This doesn't tell me how to verify Funnel cake via PGP?