7
edits
Talk:Extension Manager:Addon Update Security: Difference between revisions
Talk:Extension Manager:Addon Update Security (view source)
Revision as of 02:36, 17 July 2007
, 17 July 2007Question about providing updates without SSL
(added another vote for not requiring updateHashes) |
(Question about providing updates without SSL) |
||
| Line 43: | Line 43: | ||
--[[User:Grimholtz|Grimholtz]] 12:18, 9 July 2007 (PDT) | --[[User:Grimholtz|Grimholtz]] 12:18, 9 July 2007 (PDT) | ||
== No-SSL downloads == | |||
Am I correct in my assumption that this proposal allows you to get away with not using SSL for any part of the updates process if: | |||
# Sign the updates.rdf file with your private key; install your public key with your .xpi file during the initial install. | |||
# Provide updateHash for each xpi in updates.rdf (that has been signed by your private key). | |||
--[[User:Silfreed|Silfreed]] 19:36, 16 July 2007 (PDT) | |||