McCoy is a simple XULRunner based application that enables add-on authors to provide secure updates to their users. Specifically it focuses on the process of digitally signing update manifests so the client applications can verify the integrity of a manifest retrieved over normally insecure channels.
The goal of McCoy is to enable the secure hosting of add-on updates in as convenient a manner as possible.
The primary target audience of McCoy is add-on developers who for whatever reason SSL based hosting is not an option. Primarily we focus on single developers (teams generally being more likely to have access to funding to use SSL based security).
Below are the release versions of McCoy. Milestones relate to the target milestone used in bugzilla for tracking the release.
The user interface guidelines give an overview of how the application is structured and what additional widgets are available.
McCoy is available from Mozilla's Mercurial repository. You can check out the latest trunk version using the command:
hg clone http://hg.mozilla.org/projects/mccoy
See the release milestones above for the tags for various releases.
Read about how to build McCoy.