Confirmed users
110
edits
Apps/Security: Difference between revisions
Jump to navigation
Jump to search
→Debian Keyring (Package Management) for distribution of apps
| Line 68: | Line 68: | ||
=== Debian Keyring (Package Management) for distribution of apps === | === Debian Keyring (Package Management) for distribution of apps === | ||
* Last updated March 14, 2012 | |||
* Items in () denote the equivalent in WebApp world | * Items in () denote the equivalent in WebApp world | ||
* infrastructure already exists | * infrastructure already exists | ||
| Line 78: | Line 79: | ||
* A user may choose to add more sources (stores) | * A user may choose to add more sources (stores) | ||
* A user must add the source's keyring (store's public key?) to disable warning about untrusted source | * A user must add the source's keyring (store's public key?) to disable warning about untrusted source | ||
* To compromise an app with proper code signing requires | |||
*# compromise the site hosting the app | |||
*# compromise the key(s) signing the app (assuming you require app updates to be signed with the same key) | |||
*# compromise or trigger the update mechanism for the app | |||
*# wait for updates to trickle out | |||
=== Permissions manager === | === Permissions manager === | ||