[Project_owners] Online version of McCoy
matthew at mjwilson.demon.co.uk
Tue Feb 5 11:46:36 PST 2008
Eric H. Jung wrote:
> --- Andrew Archer <AndrewArcher at hotmail.com> wrote:
>> I'm curious to know how the keys will be kept secure.
> The wouldn't be any keys in an online version. It would work like this:
> 1. User uploads XPI to http://mozdev.org/mccoy
> 2. mozdev.org generates hash of uploaded XPI
> 3. mozdev.org unzips XPI, inserts the <em:updateHash/> into install.rdf, re-zips XPI, sends XPI
> back to user as a file download
That's not the McCoy functionality though is it? em:updateHash was
available before McCoy, and doesn't secure updates.
More information about the Project_owners