[Project_owners] Online version of McCoy

Matthew Wilson matthew at mjwilson.demon.co.uk
Tue Feb 5 11:49:17 PST 2008


Matthew Wilson wrote:
> Eric H. Jung wrote:
>> --- Andrew Archer <AndrewArcher at hotmail.com> wrote:
>>
>>> I'm curious to know how the keys will be kept secure.
>> The wouldn't be any keys in an online version. It would work like this:
>>
>> 1. User uploads XPI to http://mozdev.org/mccoy
>> 2. mozdev.org generates hash of uploaded XPI
>> 3. mozdev.org unzips XPI, inserts the <em:updateHash/> into install.rdf, re-zips XPI, sends XPI
>> back to user as a file download
>>
>> http://developer.mozilla.org/en/docs/Extension_Versioning,_Update_and_Compatibility#Update_Hashes
> 
> That's not the McCoy functionality though is it? em:updateHash was 
> available before McCoy, and doesn't secure updates.

Sorry, I'm at least half wrong here. It does secure updates, but isn't 
related to McCoy.

Matthew


More information about the Project_owners mailing list