Douglas E. Warner wrote:
> On Friday 28 March 2008 05:31:27 Onno Ekker wrote:
>
>> I don't really see why end-users would believe they now have safe
>> downloads. To the user, the only thing that has changed, is that they
>> can start the download from a secure website, but they can't see that
>> the file is also verified and they cannot verify the file themselves,
>> since you don't display the md5sum. The download itself is still from an
>> unsecure website, so the user could download another file than he thinks.
>>
>
> The security comes from using InstallTrigger which will verify the hash
> against the downloaded file for the user automatically. This hash is served
> from a secure website, therefore the hash can be trusted. The file can then
> be downloaded from anywhere and compared against the trusted hash.
>

Ah. Now I get it. I missed the link with InstallTrigger:
http://developer.mozilla.org/en/docs/Installing_Extensions_and_Themes_From_Web_Pages

So it's for Installing only. And then probably only for Firefox (and
Seamonkey / Mozilla,...) extensions / themes, but not for Thunderbird
Extensions. The xpis I added and verified were Thunderbird only extensions,
so that will probably have very limited use...

Onno
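
The trust model discussed in this thread (hash obtained over a secure channel, file fetched from any mirror, then compared) can be sketched outside the browser as follows. This is an added example, not code from the thread or from Mozilla; it runs under Node.js, the `algorithm:hexdigest` descriptor mirrors the form InstallTrigger's Hash property takes, and the function names, the allowed-algorithm list and the sample data are assumptions made for illustration.

```javascript
// Added example: Node.js sketch of a trusted-hash check on an untrusted download.
const crypto = require('crypto');

// Digest algorithms this sketch accepts (an assumption; md5 is deliberately excluded).
const ALLOWED = new Set(['sha1', 'sha256', 'sha512']);

// Parse a descriptor of the form "<algorithm>:<hex digest>" (hypothetical helper).
function parseHashDescriptor(descriptor) {
  const m = /^([a-z0-9]+):([0-9a-f]+)$/i.exec(descriptor.trim());
  if (!m) throw new Error('malformed hash descriptor');
  const algorithm = m[1].toLowerCase();
  if (!ALLOWED.has(algorithm)) throw new Error('unsupported algorithm: ' + algorithm);
  return { algorithm, digest: Buffer.from(m[2], 'hex') };
}

// Return true only if fileBytes hashes to the digest in the trusted descriptor.
// trustedDescriptor must come from the secure site; fileBytes may come from anywhere.
function verifyDownload(fileBytes, trustedDescriptor) {
  const { algorithm, digest } = parseHashDescriptor(trustedDescriptor);
  const actual = crypto.createHash(algorithm).update(fileBytes).digest();
  // Check lengths first: timingSafeEqual throws when the buffers differ in size.
  return actual.length === digest.length && crypto.timingSafeEqual(actual, digest);
}

// Constructed sample data standing in for a published XPI and its mirrored copies.
const published = Buffer.from('constructed sample XPI contents');
const trusted = 'sha256:' + crypto.createHash('sha256').update(published).digest('hex');
const fromMirror = Buffer.from(published);                      // unmodified copy
const tampered = Buffer.concat([published, Buffer.from('!')]);  // altered in transit

function demo() {
  return {
    genuine: verifyDownload(fromMirror, trusted),
    tampered: verifyDownload(tampered, trusted),
  };
}

console.log(demo());
```

The check is only as strong as the channel that delivered the descriptor: if the page carrying the hash is served without TLS, the hash and the file can be replaced together.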
