[wpkg-users] security issues
Brian May
bam at snoopy.apana.org.au
Thu Jun 7 06:40:40 CEST 2007
>>>>> "Daniel" == Daniel Dehennin <daniel.dehennin at ac-caen.fr> writes:
Daniel> Marco Gaiarin <gaio at sv.lnf.it> writes:
>> 3) [complex, strong] use a PKI infrastructure where alla
>> communication (clearly, usefoul one) are 'signed' with public
>> keys.
Daniel> Why not just having packages signed by a certificate
Daniel> trusted by clients ?
Daniel> Client download packages, verify the signature and install
Daniel> if it's ok.
Daniel> Setting up a local certificate authority, deploying it on
Daniel> clients and sign packages is not so hard IMHO.
That would be good, if you could sign and check everything from the
server, including wpkg.js, packages.xml, any applications and/or data
files used by installers from the server.
It might get complicated...
--
Brian May <bam at snoopy.apana.org.au>
wpkg-users mailing list
wpkg-users at lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users
More information about the wpkg-users
mailing list