--- Matthew Wilson <[EMAIL PROTECTED]> wrote:
> Eric H. Jung wrote:
> > --- Andrew Archer <[EMAIL PROTECTED]> wrote:
> >
> >> I'm curious to know how the keys will be kept secure.
> >
> > The wouldn't be any keys in an online version. It would work like this:
> >
> > 1. User uploads XPI to http://mozdev.org/mccoy
> > 2. mozdev.org generates hash of uploaded XPI
> > 3. mozdev.org unzips XPI, inserts the <em:updateHash/> into install.rdf,
> > re-zips XPI, sends
> XPI
> > back to user as a file download
> >
> >
>
http://developer.mozilla.org/en/docs/Extension_Versioning,_Update_and_Compatibility#Update_Hashes
>
> That's not the McCoy functionality though is it? em:updateHash was
> available before McCoy, and doesn't secure updates.
>
I don't know, but the point is mozdev should have an upload tool which preps
XPIs for
auto-updating when update.rdf isn't hosted at AMO (it's probably hosted at
mozdev, but not
necessarily). I believe updateHash is the only install.rdf entry required for
this. updateKey,
updateLink are not required. Anyone confirm?
____________________________________________________________________________________
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
_______________________________________________
Project_owners mailing list
[email protected]
https://www.mozdev.org/mailman/listinfo/project_owners
