Comment 3 for bug 1482219

Upstream has now released a 2.2 release together with signed XPI:

I tested that just building a new deb package out of the new sources (with unmodified upstream) files does not get rid of the warning, ie it does not seem to be enough that the contents match to an extension that has been signed by Mozilla. What else should be done, or am I missing something?