canmove, Confirmed users
1,220
edits
Security/Reviews/B2GUpdates: Difference between revisions
Jump to navigation
Jump to search
no edit summary
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) No edit summary |
||
| Line 68: | Line 68: | ||
* size is important | * size is important | ||
|SecReview alt solutions=- Why three signatures? | |SecReview alt solutions=- Why three signatures? | ||
* support for contractual relationships | |||
- Who has final say in the case of disagreement? | - Who has final say in the case of disagreement on timing or content of updates? | ||
* open question, to discuss with carriers | * open question, to discuss with carriers | ||
|SecReview threat brainstorming=<b>Update is modified in transit or prior to being applied</b><br> | |||
*SSL used for the update manifest (including hash of update content) | |||
|SecReview threat brainstorming= | *Updates signed (potentially by all 3 keys) | ||
<b>Updates not available in timely fashion</b> | |||
Updates not | |||
* How urgent update process will work is an open question, currently being negotiated with partners. | |||
** Open question on how frequency will work with | ** Open question on how frequency will work with multiple carriers. Possibly have Gecko/Gaia updates Mozilla signed only. | ||
Open | |||
Open questions: | |||
Who will host updates? | Who will host updates? | ||
Will users be able to get updates over | Will users be able to get updates over WiFi or USB? | ||
}} | }} | ||
{{SecReviewActionStatus | {{SecReviewActionStatus | ||