[Project_owners] Secure Updates for Firefox 3
Douglas E. Warner
silfreed at silfreed.net
Tue Jul 17 19:35:38 PDT 2007
On Tuesday 17 July 2007, Scott wrote:
> I already sign my XPI's with a SSL cert. I followed
> http://www.mozdevgroup.com/docs/pete/Signing-an-XPI.html to do this.
> Will I be required to stop doing that and use gpg then ? I figured a SSL
> cert was much better.
GPG and SSL can provide similar utilities here; the signing of a package.
My understanding right now is that you'll be signing the updates.rdf file to
prove that the original developer is the same one pushing the update. It
will be very similar to the process you're currently using to sign your XPIs.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://mozdev.org/pipermail/project_owners/attachments/20070717/1471d204/attachment.bin
More information about the Project_owners