[Project_owners] McCoy for extension signing
Michael Vincent van Rantwijk, MultiZilla
mv_van_rantwijk at yahoo.com
Wed Sep 19 04:55:24 PDT 2007
Nickolay Ponomarev wrote:
> On 9/19/07, Michael Vincent van Rantwijk, MultiZilla
> <mv_van_rantwijk at yahoo.com> wrote:
>> McCoy is a XULRunner application enables you to update your software in a more secure
>> way, but the initial installation stays as is, and thus unprotected. In other words
>> we're not able to offer the same level of security (this compared with
>> a.m.o).
>>
> I'm sure this was mentioned in previous threads, but you can use
> InstallTrigger with a hash:
>
> http://developer.mozilla.org/en/docs/Installing_Extensions_and_Themes_From_Web_Pages#Hash
>
> Nickolay
Which is only used to prevent file corruption i.e. this hash is not
security related. Why else have a McCoy tool in the first place?
@Pete; here you have *another* reason people need access to the XPI
files! Let me _add_ link finger printing for today ;)
--
Michael Vincent van Rantwijk
- MultiZilla Project Team Lead
- XUL Boot Camp Staff member (ActiveState Training Partner)
- iPhone Application Developer
More information about the Project_owners
mailing list