Matthew Wilson wrote: > Eric H. Jung wrote: >> --- Andrew Archer <[EMAIL PROTECTED]> wrote: >> >>> I'm curious to know how the keys will be kept secure. >> The wouldn't be any keys in an online version. It would work like this: >> >> 1. User uploads XPI to http://mozdev.org/mccoy >> 2. mozdev.org generates hash of uploaded XPI >> 3. mozdev.org unzips XPI, inserts the <em:updateHash/> into install.rdf, >> re-zips XPI, sends XPI >> back to user as a file download >> >> http://developer.mozilla.org/en/docs/Extension_Versioning,_Update_and_Compatibility#Update_Hashes > > That's not the McCoy functionality though is it? em:updateHash was > available before McCoy, and doesn't secure updates.
Sorry, I'm at least half wrong here. It does secure updates, but isn't related to McCoy. Matthew _______________________________________________ Project_owners mailing list [email protected] https://www.mozdev.org/mailman/listinfo/project_owners
