Mozilla has published initial details of what went wrong over the week-end when all add-ons were disabled due to the expiry of a certificate and what they did to quickly rectify the problem.

hacks.mozilla.org/2019/05/tech

Discussion on Hacker News [ hacks.mozilla.org/2019/05/tech ]

Nice touch. Mozilla has also deleted Telemetry data for that period as some users had to enable Telemetry to get the hot-fix.

"In order to respect our users’ potential intentions as much as possible, based on our current set up, we will be deleting all of our source Telemetry and Studies data for our entire user population collected between 2019-05-04T11:00:00Z and 2019-05-11T11:00:00Z."

blog.mozilla.org/blog/2019/05/

@sohkamyung @phoe I still would like them to just post fix so anybody can download it/verify and install themselves than just "you need to enable studies/telemetry/whatever to get the fix, but we'll be nice and delete the data". If I can' trust them to handle certificate with fixed expiration date for the second time in a row, I don't really trust them with anything anymore.

Follow

@sirmacik @phoe They have also released an updated version of Firefox (a point release).

Some details on that in this companion post about the technical aspects of the outage

hacks.mozilla.org/2019/05/tech

@sohkamyung @phoe I know there are at least few users for which new release haven't fixed anything. There are still issues with containers. What's so technical about "we forgot to renew the dam certificate for the second time"...

@sirmacik
Wasn't it the cert owned by the company that signs mozilla's certs that expired, the intermediary cert?
@sohkamyung @phoe

Sign in to participate in the conversation
Mastodon

mstdn.io is one of the instance in the fediverse. We're an open-minded generalistic instance. Learn more here!