https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632
David Cook <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #2 from David Cook <[email protected]> --- I one hundred percent agree with you, Martin. I figure Koha developers sign Koha plugins using a private GPG key, and then provide a public GPG key for *someone* to import into Koha. Personally, I'd prefer if the list of public GPG keys was maintained by a Linux sysadmin for maximum control, but I know that's potentially not useful for many target users of Koha plugins. (Maybe a compromise would be to have a web interface by default and then have an option to deactivate that and use a CLI tool instead for vendors?) In terms of specific interfaces... I'm going to look to see how Apt manages it in a user-friendly fashion (ie not requiring users to specify which key to use to verify which file). In any case, I think we have to have some system for signing and verifying plugins. From a vendor point of view, it would increase my confidence in the plugin system as a whole. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Koha-bugs mailing list [email protected] https://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-bugs website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
