Talk:Extension Manager:Addon Update Security: Difference between revisions

Talk:Extension Manager:Addon Update Security (view source)

571 bytes added , 15 September 2007

canmove, Confirmed users

1,567

edits

@@ Line 61: / Line 61: @@
 I'm part of an extensions translation team, who hosts some of our translations on our site (I'm not talking about BabelZilla, which is used when the extension author collaborates). If each of us has to use the xulrunner tool to make the updates work, we'll have to create a private key and make it public so every translators can upload their translations. Of course, this is insecure, but it's the only way to avoid breaking extension updates (translator change, key lost...).<br />
 A PHP implementation would make it easier for us and would increase the security of the updates. [[User:The RedBurn|The RedBurn]] 02:43, 15 September 2007 (PDT)
+There are no plans to provide such a version of the tool, firstly we can only really concentrate on one form of the tool for the time being and the simple application will be usable by the majority of authors. Secondly what you are suggesting is questionable from a security perspective since it requires you keep your cryptographic keys and passwords on a webserver. Really for what you are suggesting either one person should do the ultimate signing of the update, or simply host using ssl which is the preferred option for large scale hosting.
+[[User:Mossop|Mossop]]