[Project_owners] McCoy for extension signing
Nickolay Ponomarev
asqueella at gmail.com
Wed Sep 19 06:27:07 PDT 2007
On 9/19/07, Michael Vincent van Rantwijk, MultiZilla
<mv_van_rantwijk at yahoo.com> wrote:
> Nickolay Ponomarev wrote:
> > On 9/19/07, Michael Vincent van Rantwijk, MultiZilla
> > <mv_van_rantwijk at yahoo.com> wrote:
> >> McCoy is a XULRunner application that enables you to update your software in a more secure
> >> way, but the initial installation stays as is, and thus unprotected. In other words
> >> we're not able to offer the same level of security (this compared with
> >> a.m.o).
> >>
> > I'm sure this was mentioned in previous threads, but you can use
> > InstallTrigger with a hash:
> >
> > http://developer.mozilla.org/en/docs/Installing_Extensions_and_Themes_From_Web_Pages#Hash
> >
> > Nickolay
>
> Which is only used to prevent file corruption, i.e. this hash is not
> security related. Why else have a McCoy tool in the first place?
>
Let me check.. are you concerned about mozdev.org's own pages not
being https? That's the only difference (that matters) from AMO I see.
Nickolay