Re: Extension security?
- From: Jonathan Wilkes <jancsika yahoo com>
- To: Pauli Virtanen <pav iki fi>, "gnome-shell-list gnome org" <gnome-shell-list gnome org>
- Subject: Re: Extension security?
- Date: Fri, 16 Dec 2011 08:38:03 -0800 (PST)
> From: Pauli Virtanen <pav iki fi>
>To: gnome-shell-list gnome org
>Sent: Tuesday, December 13, 2011 4:58 AM
>Subject: Re: Extension security?
>13.12.2011 02:31, Jonathan Wilkes kirjoitti:
>> So are all reviewed extensions signed with a key that is not kept on a public system, as Alan Cox proposed? I couldn't tell from the "About" page, nor from the discussions referenced in above responses.
>There does not seem to be additional signature checks on the client
>side, apart from relying on the https certificate for the whole site:
So when someone hacks the extension website and changes the code for "Popular Extension #1" to log the user's keystrokes, how
does my Gnome Shell know to reject that rogue extension when I try to install it?
>gnome-shell-list mailing list
>gnome-shell-list gnome org
] [Thread Prev