Re: Extension security?
- From: "Jasper St. Pierre" <jstpierre mecheye net>
- To: Pauli Virtanen <pav iki fi>
- Cc: gnome-shell-list gnome org
- Subject: Re: Extension security?
- Date: Fri, 16 Dec 2011 21:04:59 -0500
If the website is hacked, the attacker has the GPG key anyway, so they
can sign a rogue extension. Unless I'm not understanding how the
website is supposed to automatically sign extensions after they've
been approved.
On Fri, Dec 16, 2011 at 8:14 PM, Pauli Virtanen <pav iki fi> wrote:
> 16.12.2011 20:44, Olav Vitters kirjoitti:
>
>> On Fri, Dec 16, 2011 at 08:38:03AM -0800, Jonathan Wilkes wrote:
>>>
>>> So when someone hacks the extension website and changes the code for
>>> "Popular Extension #1" to log the user's keystrokes, how
>>>
>>> does my Gnome Shell know to reject that rogue extension when I try to
>>> install it?
>>
>>
>> If the website is hacked, the GPG signature would still be added.
>
>
> What does this mean? The client as it is in Gnome 3.2.1 does not seem to
> contain any code checking GPG signatures --- so if the site is hacked, enjoy
> your keylogger?
>
> --
> Pauli Virtanen
>
>
> _______________________________________________
> gnome-shell-list mailing list
> gnome-shell-list gnome org
> http://mail.gnome.org/mailman/listinfo/gnome-shell-list
--
Jasper
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]