> A) Make the plugin only tell the downloader what to download and not > to download it from.
You still need a key - even if the https:// authentication for gnome.org itself to prove the connection is to the correct site. > B) Sign extension dowloads with a gnome.org private key. > > A) is considerably simpler. B) offers some more flexibility. (You can > still handle offload in the A) case by doing redirects.) Another way to address B is to sign an index of locations of and hashes for the extensions rather than signing each extension individually. Might be easier to operate but with B you could use a heirarchy of keys (gnome->signer) which would let the installer see who (one or many) signed the package having reviewed it, and also allow revocations. _______________________________________________ gnome-shell-list mailing list gnome-shell-list@gnome.org http://mail.gnome.org/mailman/listinfo/gnome-shell-list