Automatic update service

2004-04-27 Thread Ben Bucksch
(Reposted, because I fell into spam-trap)
(Already posted in policy thread, but I received no response.)
Brendan Eich wrote:
> We do need an automated update system.

As it happens, I wrote just such a system for Mozilla (for a customer, 
but under the MPL). Half the code is based on my roaming module. It is used 
in beta releases of said customer and seems to work mainly, modulo some 
superfluous updates due to timezone problems in Windows.

With explicit user consent, it

 * downloads a manifest file from a certain, preconfigured server
 * compares the listed files with those installed locally
 * downloads any mismatching files (into a temporary dir)
 * tries to make sure that the download worked correctly
 * moves away the original files
 * moves the downloaded files into their final location
 * asks the users to restart the browser

Alternatively, it can download XPIs and install them without user 
intervention, but they are currently also treated as normal install 
files, which makes it very impractical in the long term. That's why I am 
planning to additionally implement an internal patchlevel, and all 
available XPIs with a patchlevel larger than the running build will be 
downloaded and installed and may then be deleted.

That is, unless somebody has a better idea. That's why I am writing. How 
do you think the update service should work?

Ben

P.S. Discussion is of general interest and not secret, so please cc 
n.p.m.security.

___
Mozilla-security mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-security
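
The update steps listed in the message above (compare against a manifest, stage downloads in a temporary directory, verify, move the originals aside, move the new files in), as an added Python example that is not code from the thread or from Mozilla. It assumes a manifest that maps relative paths to SHA-256 digests and has already been authenticated (the message does not give the manifest format), and a hypothetical `fetch(rel)` downloader; comparing content digests instead of timestamps is a choice made here.

```python
import hashlib, os, shutil, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def safe_target(install_dir, rel):
    # Reject manifest entries that would land outside the install directory.
    root = Path(install_dir).resolve()
    target = (root / rel).resolve()
    if root not in target.parents:
        raise ValueError(f"manifest path escapes install dir: {rel}")
    return target

def plan_update(manifest, install_dir):
    """Return the relative paths whose local content differs from the manifest."""
    stale = []
    for rel, digest in manifest["files"].items():
        target = safe_target(install_dir, rel)
        if not target.is_file() or sha256_file(target) != digest:
            stale.append(rel)
    return sorted(stale)

def apply_update(manifest, install_dir, fetch):
    """fetch(rel) -> bytes is a hypothetical downloader supplied by the caller."""
    stale = plan_update(manifest, install_dir)
    staging = Path(tempfile.mkdtemp(prefix="update-"))
    try:
        # Stage and verify every file before touching anything installed.
        for rel in stale:
            data = fetch(rel)
            if hashlib.sha256(data).hexdigest() != manifest["files"][rel]:
                raise ValueError(f"digest mismatch for {rel}")
            staged = staging / rel
            staged.parent.mkdir(parents=True, exist_ok=True)
            staged.write_bytes(data)
        for rel in stale:
            target = safe_target(install_dir, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            if target.exists():
                # Move the original aside so a rollback copy survives.
                os.replace(target, target.with_name(target.name + ".old"))
            shutil.move(str(staging / rel), str(target))
    finally:
        shutil.rmtree(staging, ignore_errors=True)
    return stale
```

Because verification of all staged files finishes before the first original is moved, a corrupted or tampered download aborts the update with the installation unchanged.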


Re: Netscape code signing problem/question

2004-04-27 Thread Daniel Veditz
The .db files are where the Netscape program stores and manages certs
locally; it's not any kind of a standard format. The .p12 file you got is a
standard format; you just need to "import" the cert into Netscape. It's been
ages since I've used Netscape 4.x and I don't remember where the import
command is located. In Mozilla and Netscape 7 certificate management is
reached through the preferences dialog.


Richard (Tor) wrote:
> We have just renewed our certificate but are faced with a challenge.
> 
> For some reason, after Netscape 4 downloaded the new cert from Verisign,
> we did not get the usual 2 files (cert7.db and key3.db).  Instead, we
> had a .p12 file which contains cert7 and key3 files.  Since the
> Netscape signing tool requires both these files rather than the .p12
> file, we are stuck.
> 
> What is the best way to handle this?  Is there a utility to extract
> these 2 files from the .p12 file?
> 
> Appreciate that. 
> 
> please email to [EMAIL PROTECTED]
> 
> Regards,
> Richard