On Fri, 10 Jul 2020, 22:07 Tim Boudreau, <[email protected]> wrote:
> > What does this offer in practice, assuming any catalogue is downloaded from
> > a trusted location over https, above validating the file against the file
> > hash in the catalogue?
>
> Not all that much, given that if you can compromise the download, you can
> also compromise the hash. Mostly just that the bits you downloaded were
> saved correctly by your local machine.

Yes, but if the catalogue can be trusted, then what it points at can be verified. Perhaps we should concentrate on checking signing of catalogues not plugins? I personally prefer the idea of hashing in the plugin portal, and it would potentially open up other download sources while guaranteeing files downloaded are what the catalogue says they are.

> Signing really becomes useful when you are downloading from mirror B and
> want to verify the bits from trusted origin A.

Well, we now use hashing to do exactly that in the update centres - validate NBMs downloaded from Apache mirrors are what we expect.

Best wishes,

Neil
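The check discussed in this message, as an added example that is not part of the original e-mail or of the NetBeans code base: bytes fetched from any mirror are accepted only if they match the size and digest recorded in a catalogue that is already trusted. The JSON catalogue layout, the file name and `fetch_from_mirror` are assumptions made for illustration, not the real update-centre format.

```python
import hashlib
import hmac
import json

# Constructed sample data: a plugin file and a catalogue entry describing it.
PLUGIN_BYTES = b"constructed NBM payload for illustration"
CATALOGUE_JSON = json.dumps({
    "plugins": {
        "example-plugin.nbm": {
            "size": len(PLUGIN_BYTES),
            "algorithm": "sha512",
            "digest": hashlib.sha512(PLUGIN_BYTES).hexdigest(),
        }
    }
})

ALLOWED_ALGORITHMS = {"sha256", "sha512"}  # refuse weak or unknown digests


class VerificationError(Exception):
    """Raised when downloaded bytes do not match the catalogue entry."""


def verify_download(catalogue_json: str, name: str, data: bytes) -> bool:
    """Check bytes fetched from any source against the trusted catalogue."""
    entry = json.loads(catalogue_json)["plugins"].get(name)
    if entry is None:
        raise VerificationError(f"{name}: not listed in catalogue")
    if entry["algorithm"] not in ALLOWED_ALGORITHMS:
        raise VerificationError(f"{name}: digest algorithm not allowed")
    if len(data) != entry["size"]:
        raise VerificationError(f"{name}: size mismatch")
    actual = hashlib.new(entry["algorithm"], data).hexdigest()
    # Constant-time comparison of the hex digests.
    if not hmac.compare_digest(actual, entry["digest"].lower()):
        raise VerificationError(f"{name}: digest mismatch")
    return True


def fetch_from_mirror(tampered: bool = False) -> bytes:
    """Hypothetical stand-in for a mirror download; runs offline."""
    return PLUGIN_BYTES.replace(b"payload", b"PAYLOAD") if tampered else PLUGIN_BYTES


if __name__ == "__main__":
    print(verify_download(CATALOGUE_JSON, "example-plugin.nbm", fetch_from_mirror()))
    try:
        verify_download(CATALOGUE_JSON, "example-plugin.nbm", fetch_from_mirror(True))
    except VerificationError as err:
        print("rejected:", err)
```

The result is only as trustworthy as the catalogue passed in, which is why the message suggests concentrating signature checks on the catalogue.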
