https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24632
--- Comment #5 from David Cook <[email protected]> ---
I'm thinking something along these lines:
https://ubuntu.com/tutorials/tutorial-how-to-verify-ubuntu

Verify a metadata file or checksum file using a provider's public key (using one of the modules I've suggested). Then verify the plugin using a checksum in the metadata file or in the checksum file.

I'm thinking signing the checksum file is probably the better way to go.

And if we create a system preference to manage this, we can have it turned off by default (for backwards compatibility), but then more cautious parties (like vendors) can enable it.

Essentially you'd need to verify a plugin during the installation process.

--

I have many competing projects during my quarantine time, but I'm going to try and look at this tonight. It really shouldn't be that difficult, and I think it would be a huge benefit for the plugin system and Koha.
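
The two-step check proposed in the comment above (signed checksum file first, then the plugin's checksum), sketched in shell after the linked Ubuntu tutorial; this is an added example, not part of the original comment and not Koha code. The function names, the `REQUIRE_SIGNED` switch standing in for the proposed system preference, and the file layout (a `SHA256SUMS` file, a detached OpenPGP signature, a pinned binary keyring) are assumptions.

```shell
#!/bin/sh
# Added example, not Koha code. Assumed layout: SHA256SUMS in sha256sum format,
# a detached OpenPGP signature over it, and a binary keyring (gpg --export)
# holding only the provider keys the administrator has chosen to trust.

# Step 1: the checksum file must carry a valid signature from a key in the
# pinned keyring. gpgv consults only that keyring, never the user's own.
verify_checksum_file() {   # args: SHA256SUMS, signature, keyring
    [ -s "$1" ] && [ -s "$2" ] && [ -s "$3" ] || return 1
    case $3 in
        */*) cf_keyring=$3 ;;
        *)   cf_keyring=./$3 ;;   # a bare name would be looked up in gpg's home dir
    esac
    gpgv --keyring "$cf_keyring" "$2" "$1" >/dev/null 2>&1
}

# Step 2: the plugin's SHA-256 must equal the single entry for its file name.
# Lines look like "<64 hex>  name" or "<64 hex> *name" (names without spaces).
verify_plugin_checksum() {   # args: plugin file, SHA256SUMS
    pc_name=$(basename "$1")
    pc_expected=$(awk -v n="$pc_name" \
        '($2 == n || $2 == "*" n) && length($1) == 64 { print tolower($1) }' "$2")
    # Zero entries (unlisted plugin) or several (ambiguous) are both refused.
    [ "$(printf '%s\n' "$pc_expected" | grep -c .)" -eq 1 ] || return 1
    pc_actual=$(sha256sum "$1" 2>/dev/null | awk '{ print $1 }')
    [ "$pc_actual" = "$pc_expected" ]
}

# Install gate. REQUIRE_SIGNED is a hypothetical stand-in for the proposed
# system preference: off by default, and when on both steps must pass in order.
verify_plugin() {   # args: plugin file, SHA256SUMS, signature, keyring
    [ "${REQUIRE_SIGNED:-0}" = 1 ] || return 0
    verify_checksum_file "$2" "$3" "$4" && verify_plugin_checksum "$1" "$2"
}
```

The signature is checked before the checksum file is parsed, so an unsigned or altered `SHA256SUMS` never gets to vouch for a plugin.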
