[Project_owners] McCoy for extension signing
Douglas E. Warner
silfreed at silfreed.net
Wed Sep 19 08:04:39 PDT 2007
On Tuesday 18 September 2007, Michael Vincent van Rantwijk, MultiZilla wrote:
> McCoy is a XULRunner application (which BTW should run on SuiteRunner as
> well) that enables you to update your software in a more secure way, but the
> initial installation stays as is, and thus unprotected. In other words
> we're not able to offer the same level of security (this compared with
> a.m.o).

We would like to support InstallTrigger through a secure site
(https://www.mozdev.org/bugs/show_bug.cgi?id=17302). We need to make some
enhancements to our mirror system first in order to support this (next on the
roadmap after Drupal).

This, combined with using a tool like McCoy to sign your updates.rdf file and
having updateHash in the updates.rdf file, will provide the user with secure
extension installation and downloads.

Of course, you're always free to use addons.mozilla.org to host your
extension downloads until we get these tools ready at Mozdev.org.

-Doug
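
The download-integrity half of what the message describes, as an added example that is not part of the original message and not Mozdev or McCoy code: it reads updateLink and updateHash from an updates.rdf-style manifest and checks downloaded bytes against the hash. The manifest contents, the function names and the policy of refusing md5/sha1 are assumptions; verifying the manifest signature that McCoy produces is not shown.

```python
import hashlib
import xml.etree.ElementTree as ET

EM = "{http://www.mozilla.org/2004/em-rdf#}"
STRONG = {"sha256", "sha384", "sha512"}  # assumed local policy: md5/sha1 refused

# Constructed sample data: stand-in XPI bytes and a manifest fragment whose
# id, version and mirror URL are placeholders, not values from the message.
SAMPLE_XPI = b"constructed stand-in for the extension package"
SAMPLE_MANIFEST = f"""
<RDF:RDF xmlns:RDF="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <RDF:Description RDF:about="urn:mozilla:extension:sample@example.invalid">
    <em:updates><RDF:Seq><RDF:li><RDF:Description>
      <em:version>1.1</em:version>
      <em:targetApplication><RDF:Description>
        <em:updateLink>http://mirror.example.invalid/sample-1.1.xpi</em:updateLink>
        <em:updateHash>sha256:{hashlib.sha256(SAMPLE_XPI).hexdigest()}</em:updateHash>
      </RDF:Description></em:targetApplication>
    </RDF:Description></RDF:li></RDF:Seq></em:updates>
  </RDF:Description>
</RDF:RDF>"""

def update_entries(manifest_xml):
    """Return [(updateLink, updateHash or None)] for each entry that has a link."""
    entries = []
    for node in ET.fromstring(manifest_xml).iter():
        link = node.findtext(EM + "updateLink")  # direct children only
        if link is not None:
            digest = (node.findtext(EM + "updateHash") or "").strip()
            entries.append((link.strip(), digest or None))
    return entries

def check_download(link, update_hash, xpi_bytes):
    """Decide whether downloaded bytes may be installed: 'ok: ...' or 'reject: ...'."""
    if update_hash is None:
        # Without a hash, only the transport protects the package.
        if link.lower().startswith("https://"):
            return "ok: https only"
        return "reject: no hash and insecure link"
    algo, _, expected = update_hash.partition(":")
    if algo.lower() not in STRONG:
        return "reject: weak or unknown algorithm"
    actual = hashlib.new(algo.lower(), xpi_bytes).hexdigest()
    if actual == expected.strip().lower():
        return "ok: hash matches"
    return "reject: hash mismatch"
```

The hash only means something if the manifest itself arrived intact, which is the part the signed updates.rdf or an https manifest URL covers.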