Re: Notes on extensions.gnome.org security
- From: Alan Cox <alan lxorguk ukuu org uk>
- To: Owen Taylor <otaylor redhat com>
- Cc: gnome-shell-list gnome org, desktop-devel-list gnome org
- Subject: Re: Notes on extensions.gnome.org security
- Date: Thu, 1 Sep 2011 18:56:42 +0100

> A) Make the plugin only tell the downloader what to download and not
> to download it from.

You still need a key - even if it is the https:// authentication for gnome.org
itself to prove the connection is to the correct site.

> B) Sign extension downloads with a gnome.org private key.
> A) is considerably simpler. B) offers some more flexibility. (You can
> still handle offload in the A) case by doing redirects.)

Another way to address B is to sign an index of locations of and hashes
for the extensions rather than signing each extension individually. Might
be easier to operate but with B you could use a hierarchy of keys
(gnome->signer) which would let the installer see who (one or many) signed
the package having reviewed it, and also allow revocations.
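
The signed-index variant from the reply above, sketched as an added example (not code from this thread or from GNOME): one signature covers an index of locations and hashes, and the installer checks each download against it. The key is a constructed demo key built from two Mersenne primes so the block runs on the standard library alone; the index layout, the extension name and the mirror URL are assumptions.

```python
import hashlib, json

# Constructed demo key: two Mersenne primes, so this runs offline with the
# standard library only. Not a usable key; it stands in for the gnome.org key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the signer
K = (N.bit_length() + 7) // 8          # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(message: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign_index(index_bytes: bytes) -> int:
    return pow(_encode(index_bytes), D, N)

def verify_index(index_bytes: bytes, signature: int) -> bool:
    # Re-encode and compare whole values instead of parsing the padding.
    return 0 <= signature < N and pow(signature, E, N) == _encode(index_bytes)

def check_download(index_bytes, signature, name, url, payload):
    """Accept payload only if the signed index lists this url and hash."""
    if not verify_index(index_bytes, signature):
        return "bad index signature"
    entry = json.loads(index_bytes).get(name)
    if entry is None or url not in entry["locations"]:
        return "location not in signed index"
    if hashlib.sha256(payload).hexdigest() != entry["sha256"]:
        return "hash mismatch"
    return "ok"

# Constructed sample data: one extension hosted on a hypothetical mirror.
EXT = b"// constructed extension archive bytes"
URL = "https://mirror.example/ext/demo-1.zip"
INDEX = json.dumps({"demo": {"locations": [URL],
                             "sha256": hashlib.sha256(EXT).hexdigest()}},
                   sort_keys=True).encode()
SIG = sign_index(INDEX)
```

Because the signature covers the hash, the archive itself can come from any listed mirror over any transport; only the index and its signature need to be fetched and verified against the trusted key.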