Re: Extension security?

From: Pauli Virtanen <pav iki fi>
To: gnome-shell-list gnome org
Subject: Re: Extension security?
Date: Sat, 17 Dec 2011 02:14:53 +0100

16.12.2011 20:44, Olav Vitters kirjoitti:

On Fri, Dec 16, 2011 at 08:38:03AM -0800, Jonathan Wilkes wrote:

So when someone hacks the extension website and changes the code for
"Popular Extension #1" to log the user's keystrokes, how

does my Gnome Shell know to reject that rogue extension when I try to install it?


If the website is hacked, the GPG signature would still be added.

What does this mean? The client as it is in Gnome 3.2.1 does not seem tocontain any code checking GPG signatures --- so if the site is hacked,enjoy your keylogger?


--
Pauli Virtanen

Follow-Ups:
- Re: Extension security?
  - From: Jasper St. Pierre

References:
- RE: Extension security?
  - From: Jonathan Wilkes
- Re: Extension security?
  - From: Pauli Virtanen
- Re: Extension security?
  - From: Jonathan Wilkes
- Re: Extension security?
  - From: Olav Vitters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]