[Project_owners] Secure installation of extensions, Project overview pages, and file release system
Douglas E. Warner
silfreed at silfreed.net
Fri Mar 28 06:03:25 PDT 2008
On Friday 28 March 2008 05:31:27 Onno Ekker wrote:
> Can you add file_management.html url to the
> https://www.mozdev.org/profile/index.html ?

Done, thanks; it was previously linked from the "All Resources" page, but I
missed this one.

> And after submitting files, you end up in an empty
> file_managment_actions.php. It would be better to return to the project
> selection page.

This isn't the desired action, but I haven't been able to duplicate it. Could
you send me some more details about your workflow off-list?

> I don't really see why end-users would believe they now have safe
> downloads. To the user, the only thing that has changed, is that they
> can start the download from a secure website, but they can't see that
> the file is also verified and they cannot verify the file themselves,
> since you don't display the md5sum. The download itself is still from an
> unsecure website, so the user could download another file than he thinks.

The security comes from using InstallTrigger which will verify the hash
against the downloaded file for the user automatically. This hash is served
from a secure website, therefore the hash can be trusted. The file can then
be downloaded from anywhere and compared against the trusted hash.

Douglas E. Warner <silfreed at silfreed.net> Site Developer
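
The trust model described in the reply above, as an added example that is not part of the original message and is not mozdev or Firefox code: the hash arrives over the trusted channel, the file arrives from anywhere, and installation is refused on mismatch. The `algorithm:hexdigest` string form, the function names, the SHA-2-only allow-list and the sample bytes are assumptions of this example.

```python
import hashlib
import hmac

# Algorithms this example accepts (an assumption; MD5 and SHA-1 are left out).
ALLOWED = {"sha256", "sha384", "sha512"}


class HashMismatch(Exception):
    """Downloaded bytes do not match the hash obtained over the trusted channel."""


def parse_hash_spec(spec):
    """Split 'algorithm:hexdigest' and validate both halves before use."""
    algo, sep, hexdigest = spec.strip().partition(":")
    algo, hexdigest = algo.lower(), hexdigest.lower()
    if not sep or algo not in ALLOWED:
        raise ValueError("unsupported or malformed hash spec: %r" % spec)
    expected_len = hashlib.new(algo).digest_size * 2
    if len(hexdigest) != expected_len or any(c not in "0123456789abcdef" for c in hexdigest):
        raise ValueError("digest is not %d hex characters" % expected_len)
    return algo, hexdigest


def verify_download(chunks, trusted_spec):
    """Hash the file as it streams in from the untrusted mirror, then compare.

    Returns the number of bytes verified; raises HashMismatch otherwise.
    """
    algo, expected = parse_hash_spec(trusted_spec)
    h = hashlib.new(algo)
    total = 0
    for chunk in chunks:
        h.update(chunk)
        total += len(chunk)
    # Constant-time comparison of the computed and trusted digests.
    if not hmac.compare_digest(h.hexdigest(), expected):
        raise HashMismatch("refusing to install: %s digest differs" % algo)
    return total


# Constructed sample data standing in for an extension package and its hash.
GOOD_XPI = [b"PK\x03\x04", b"constructed extension payload"]
TRUSTED_SPEC = "sha256:" + hashlib.sha256(b"".join(GOOD_XPI)).hexdigest()
TAMPERED_XPI = [b"PK\x03\x04", b"constructed extension payl0ad"]

if __name__ == "__main__":
    print("verified bytes:", verify_download(GOOD_XPI, TRUSTED_SPEC))
    try:
        verify_download(TAMPERED_XPI, TRUSTED_SPEC)
    except HashMismatch as exc:
        print(exc)
```

The check is only as strong as the channel that delivered `TRUSTED_SPEC`; if the hash and the file come from the same untrusted host, a matching digest proves nothing.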