Re: [Bitcoin-development] Safe auto-updating

2013-08-05 Thread Daniel F
If you want package authentication, you should at least throw in some digital signing, not just a checksum. With a compromised host, both the checksum and binaries can be changed undetectably, but if there's a signature made by a key that is not kept on the host, there's no way to fake a valid

Re: [Bitcoin-development] Safe auto-updating

2013-08-05 Thread Alan Reiner
Indeed. You can hardcode a distributor public key in the software, and client software will only trust signed data from that key. Of course, the private key for that data is not kept on the server distributing the signed checksums. Ideally it would be kept offline, and the couple-times-per-year

Re: [Bitcoin-development] Safe auto-updating

2013-08-05 Thread Jim
One approach you could use would be to use bitcoin signing on a list of the build artifacts together with their SHA256 hashes. If you have a look at the MultiBit release notes you get the overall idea: https://multibit.org/releases/multibit-0.5.13/release.txt Currently these aren't machine