Talk:McCoy
From MDC
I find this page insufficient to teach me what I need to do.
I have themes for Firefox hosted on AMO. I have been trying to use McCoy to make them secure in anticipation of fx3. I have installed and run McCoy. I have used McCoy to install an update code to one of my themes. But now what?
How does one test a theme's security? Having installed an update code in one of my themes, I see no changes.
This test theme is sitting in its directory. Normally I make changes to the theme until I am satisfied, then bundle the whole thing up in a jarfile and send it to AMO. But so far, all the changes I make do nothing as far as fx3.0a9pre is concerned. It tells me my theme is insecure. Must I install the update key in a theme, then install the theme?
Bottom line here: you need to have both a themer and an extension developer go through the process of securing a theme, and then provide the rest of us with step-by-step directions. Maybe extension writers have no problem with your directions, but we themers do not usually work with xul, or even xml.
I find the discussion on updates.rdf, for example, to be entirely unhelpful. Do I need this if I do not host my own themes? If I must use this, what does <id> mean? Do I use angled brackets inside angled brackets? Or what? Please recall that some of us were snookered into creating GUID's for our themes and are stuck with them.
Ed Hume (SphereGnome, etc.)
Right now, I build my xpi files using an ANT build process. The install.rdf file is generated (the version number is added) during the process, so I can't easily manually sign it until it's already been bundled in the xpi file. There are two solutions that I can think of: either include a way for mccoy to be called as part of an automated process (and this may already be the case), or implement a way for mccoy to sign xpi files (by opening them and signing the install.rdf contained within). I'd prefer the latter, and it seems like it shouldn't be too difficult.
Lars Mortenson