[wpkg-users] security issues

Brian May bam at snoopy.apana.org.au
Thu Jun 7 06:40:40 CEST 2007


>>>>> "Daniel" == Daniel Dehennin <daniel.dehennin at ac-caen.fr> writes:

    Daniel> Marco Gaiarin <gaio at sv.lnf.it> writes:
    >> 3) [complex, strong] use a PKI infrastructure where alla
    >> communication (clearly, usefoul one) are 'signed' with public
    >> keys.

    Daniel> Why not just having packages signed by a certificate
    Daniel> trusted by clients ?

    Daniel> Client download packages, verify the signature and install
    Daniel> if it's ok.

    Daniel> Setting up a local certificate authority, deploying it on
    Daniel> clients and sign packages is not so hard IMHO.

That would be good, if you could sign and check everything from the
server, including wpkg.js, packages.xml, any applications and/or data
files used by installers from the server.

It might get complicated...
-- 
Brian May <bam at snoopy.apana.org.au>


wpkg-users mailing list
wpkg-users at lists.wpkg.org
http://lists.wpkg.org/mailman/listinfo/wpkg-users



More information about the wpkg-users mailing list