[Project_owners] McCoy for extension signing

Douglas E. Warner silfreed at silfreed.net
Wed Sep 19 08:04:39 PDT 2007


On Tuesday 18 September 2007, Michael Vincent van Rantwijk, MultiZilla wrote:
> McCoy is a XULRunner application (which BTW should run on SuiteRunner as
> well) enables you to update your software in a more secure way, but the
> initial installation stays as is, and thus unprotected.  In other words
> we're not able to offer the same level of security (this compared with
> a.m.o).

We would like to support InstallTrigger through a secure site 
(https://www.mozdev.org/bugs/show_bug.cgi?id=17302).  We need to make some 
enhancements to our mirror system first in order to support this (next on the 
roadmap after Drupal).

This combined with using a tool like McCoy to sign your updates.rdf file and 
having updateHash in the updates.rdf file will provide the user with secure 
extension installation and downloads.

Of course, you're always free to use addons.mozilla.org to host your 
extensions downloads until we get this tools ready at Mozdev.org.

-Doug

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://mozdev.org/pipermail/project_owners/attachments/20070919/df605e96/attachment.bin 


More information about the Project_owners mailing list