Re: Extension security?

From: Jonathan Wilkes <jancsika yahoo com>
To: Pauli Virtanen <pav iki fi>, "gnome-shell-list gnome org" <gnome-shell-list gnome org>
Subject: Re: Extension security?
Date: Fri, 16 Dec 2011 08:38:03 -0800 (PST)

>________________________________
> From: Pauli Virtanen <pav iki fi>
>To: gnome-shell-list gnome org 
>Sent: Tuesday, December 13, 2011 4:58 AM
>Subject: Re: Extension security?
> 
>13.12.2011 02:31, Jonathan Wilkes kirjoitti:
>> So are all reviewed extensions signed with a key that is not kept on a public system, as Alan Cox proposed?  I couldn't tell from the "About" page, nor from the discussions referenced in above responses.
>
>There does not seem to be additional signature checks on the client
>side, apart from relying on the https certificate for the whole site:
>
>http://git.gnome.org/browse/gnome-shell/tree/js/ui/extensionSystem.js


So when someone hacks the extension website and changes the code for "Popular Extension #1" to log the user's keystrokes, how 

does my Gnome Shell know to reject that rogue extension when I try to install it?

-Jonathan


>
>_______________________________________________
>gnome-shell-list mailing list
>gnome-shell-list gnome org
>http://mail.gnome.org/mailman/listinfo/gnome-shell-list
>
>
>

Follow-Ups:
- Re: Extension security?
  - From: Olav Vitters

References:
- RE: Extension security?
  - From: Jonathan Wilkes
- Re: Extension security?
  - From: Pauli Virtanen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]