>>>>> "Daniel" == Daniel Dehennin <[EMAIL PROTECTED]> writes:
Daniel> Marco Gaiarin <[EMAIL PROTECTED]> writes:
>> 3) [complex, strong] use a PKI infrastructure where alla
>> communication (clearly, usefoul one) are 'signed' with public
>> keys.
Daniel> Why not just having packages signed by a certificate
Daniel> trusted by clients ?
Daniel> Client download packages, verify the signature and install
Daniel> if it's ok.
Daniel> Setting up a local certificate authority, deploying it on
Daniel> clients and sign packages is not so hard IMHO.
That would be good, if you could sign and check everything from the
server, including wpkg.js, packages.xml, any applications and/or data
files used by installers from the server.
It might get complicated...
--
Brian May <[EMAIL PROTECTED]>
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
wpkg-users mailing list
wpkg-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wpkg-users
