106
edits
Talk:Extension Manager:Addon Update Security:Signature: Difference between revisions
Talk:Extension Manager:Addon Update Security:Signature (view source)
Revision as of 05:26, 27 October 2007
, 27 October 2007Fix misquoted bug summary for bug 378216
(Updates) |
m (Fix misquoted bug summary for bug 378216) |
||
| Line 1: | Line 1: | ||
== Introduction == | == Introduction == | ||
After learning about this effort to "disable | After learning about this effort to "disable insecure extension updates" in [https://bugzilla.mozilla.org/show_bug.cgi?id=378216 b.m.o bug 378216], I inquired (in [https://bugzilla.mozilla.org/show_bug.cgi?id=378216#c95 comment 95]) about a specification for the cryptographic signature formats used. The reply (in [https://bugzilla.mozilla.org/show_bug.cgi?id=378216#c96 comment 96]) pointed me to [[User:Mossop:Fx-Docs:AddonUpdateSecurity]] which contains a link to [[User:Mossop:Fx-Docs:AddonUpdateSignature]] (the article being discussed in this page). | ||
So I went to [[User:Mossop:Fx-Docs:AddonUpdateSignature]] looking for an open specification. I was looking for a specification clear enough that one could implement something that worked based on that specification alone, and not on other existing implementations. It needn't be too formal, but it needs to be complete. What I found instead are examples that don't work. | So I went to [[User:Mossop:Fx-Docs:AddonUpdateSignature]] looking for an open specification. I was looking for a specification clear enough that one could implement something that worked based on that specification alone, and not on other existing implementations. It needn't be too formal, but it needs to be complete. What I found instead are examples that don't work. | ||