Douglas E. Warner wrote: > On Friday 20 July 2007, [EMAIL PROTECTED] wrote: >> There's great documentation on InstallTrigger here: >> http://developer.mozilla.org/en/docs/Installing_Extensions_and_Themes_From_ >> Web_Pages Short of implementing a file release system like SourceForge, I'm >> not sure how mozdev could enforce each project-owner into publishing their >> download page with InstallTrigger. > > Eric, thanks for the link to the docs; very helpful. > > Michael, when you have a chance can you look over the InstallTrigger page and > let me know if it accomplishes most of what you were referring to with the > link fingerprinting?
We already use it, but there are issues to solve before we can use it safely. The first step would be either to secure CVS with SSL, or to write a simple SSL protected HTML/PHP form to upload our XPI's with, and let PHP 5 generate the hash for us (in one run). Note: This approach would void the need of SSL protected mirrors, yes. > If this is already supported in Mozilla then I think we > should aim for this instead of trying to get something new integrated. Sort of the same as with link finger printing; because you need some secure link, either one to upload the XPI's with or one the user visits. Note: There is also one big problem with using such SSL protected form, and that is that end-users are going to have to "trust us on our word" for not seeing the usual lock and https: in their location bar ;) > Eric's probably right that we would need a download registration system like > SF.net in order to publish the links; I'm not familiar with SF.net so can someone please inform me how that works? > that might be the best way to handle > bug#17302 (mozdev.org should allow for secure installs). I'll comment on > that bug to keep track of ideas there, as well. > > -Doug Thanks Doug (and Eric), -- Michael Vincent van Rantwijk - MultiZilla Project Team Lead - XUL Boot Camp Staff member - iPhone Application Developer _______________________________________________ Project_owners mailing list Project_owners@mozdev.org http://mozdev.org/mailman/listinfo/project_owners
