Re: Extension security?



>________________________________
> From: Pauli Virtanen <pav iki fi>
>To: gnome-shell-list gnome org 
>Sent: Tuesday, December 13, 2011 4:58 AM
>Subject: Re: Extension security?
> 
>13.12.2011 02:31, Jonathan Wilkes kirjoitti:
>> So are all reviewed extensions signed with a key that is not kept on a public system, as Alan Cox proposed?  I couldn't tell from the "About" page, nor from the discussions referenced in above responses.
>
>There does not seem to be additional signature checks on the client
>side, apart from relying on the https certificate for the whole site:
>
>http://git.gnome.org/browse/gnome-shell/tree/js/ui/extensionSystem.js


So when someone hacks the extension website and changes the code for "Popular Extension #1" to log the user's keystrokes, how 

does my Gnome Shell know to reject that rogue extension when I try to install it?

-Jonathan


>
>_______________________________________________
>gnome-shell-list mailing list
>gnome-shell-list gnome org
>http://mail.gnome.org/mailman/listinfo/gnome-shell-list
>
>
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]