Kamil Paral wrote on Wed, 09. 11. 2016 at 09:49 -0500:
> > One solution would be giving apps an option to add a remote and install
> > the required runtime from it, but Alex sees that as a potential
> > security issue.
> Can you elaborate? What security issues?
> Could installing runtime X subvert runtime Y used by other apps, e.g.
> by claiming that X is an update for Y? In that case I'd expect that
> GPG keys have to match, or something like that.

Yeah, the app requires the runtime X which is not installed and adds a remote to install it, but the remote could also contain a malicious version of the runtime Y which is already installed and used by other apps, and the malicious version overrides it as an update. Then other apps get infected. I think all that matters are runtime ID and version, AFAIK GPG only checks if the runtime comes from the remote it claims it does.

Yes, there could be a safety catch that would prevent updating the runtime from a different remote than the original one.

> > If the required runtime were not in one of the trusted remotes, the
> > user would be told that the runtime was not found in trusted remotes
> > and he'd have to install it manually before installing the app.
> How is this fixing the security issues? Most users will happily
> confirm a dialog, without studying key fingerprints etc.

Adding a runtime is not such a simple procedure right now and the user has to perform the steps. If a remote is added and a runtime installed automatically as a part of app installation, they may not even know something like this is happening. Neither option is fixing all potential security issues, but there will always be some with installing 3rd-party software.

Jiri
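The safety catch mentioned in the message above, sketched as an added example (not Flatpak's code and not part of the original post): an update is accepted only from the remote the runtime was originally installed from. The names `Offer` and `pick_updates`, the integer versions, and the sample remotes and refs are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Offer:
    remote: str    # remote advertising this runtime
    ref: str       # runtime ID/branch
    version: int   # simplified stand-in for "newer than installed"
    sig_ok: bool   # signature verified against that remote's own key

def pick_updates(installed, offers, pin_origin=True):
    """installed maps ref -> (origin_remote, version).
    Returns ref -> Offer for the update that would be applied."""
    chosen = {}
    for o in offers:
        # A valid signature only proves the offer comes from o.remote.
        if o.ref not in installed or not o.sig_ok:
            continue
        origin, current = installed[o.ref]
        # The safety catch: ignore offers from any remote other than
        # the one the runtime was installed from.
        if pin_origin and o.remote != origin:
            continue
        best = chosen.get(o.ref)
        if o.version > current and (best is None or o.version > best.version):
            chosen[o.ref] = o
    return chosen

# Constructed sample data: runtime Y is installed from "trusted"; an app's
# own remote also advertises Y, correctly signed with that remote's key.
REF = "org.example.RuntimeY/1.0"
INSTALLED = {REF: ("trusted", 5)}
OFFERS = [
    Offer("trusted", REF, 6, True),
    Offer("app-remote", REF, 9, True),
    Offer("trusted", REF, 7, False),   # bad signature, never considered
]

if __name__ == "__main__":
    for pin in (False, True):
        o = pick_updates(INSTALLED, OFFERS, pin_origin=pin)[REF]
        print(f"pin_origin={pin}: update from {o.remote} (version {o.version})")
```

Matching on ID and version alone selects the offer from the newly added remote even though every signature check passes; pinning to the origin remote keeps the update on the trusted one.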