Re: Notes on extensions.gnome.org security

From: Alan Cox <alan lxorguk ukuu org uk>
To: Owen Taylor <otaylor redhat com>
Cc: gnome-shell-list gnome org, desktop-devel-list gnome org
Subject: Re: Notes on extensions.gnome.org security
Date: Thu, 1 Sep 2011 18:56:42 +0100

>  A) Make the plugin only tell the downloader what to download and not
>     to download it from.

You still need a key - even if the https:// authentication for gnome.org
itself to prove the connection is to the correct site.

>  B) Sign extension dowloads with a gnome.org private key.
> 
> A) is considerably simpler. B) offers some more flexibility. (You can
> still handle offload in the A) case by doing redirects.)

Another way to address B is to sign an index of locations of and hashes
for the extensions rather than signing each extension individually. Might
be easier to operate but with B you could use a heirarchy of keys
(gnome->signer) which would let the installer see who (one or many) signed
the package having reviewed it, and also allow revocations.

References:
- Re: Notes on extensions.gnome.org security
  - From: Owen Taylor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]