On 11/17/2016 10:48 AM, Alexander Larsson wrote: > The problem is when the runtime is *not* installed. The untrusted > remote could claim to have an "org.gnome.Platform" runtime, which will > then be installed, and at this point you're affecting another app. Is it possible to use cryptography here to make this a bit more safe and easier to use? Instead of just matching "org.gnome.Platform" name, apps could maybe also require that "org.gnome.Platform" is signed with a certain key? And then we could do automatic install if we can find a runtime with matching signature? Also, maybe different "org.gnome.Platform" runtimes signed with different keys should be parallel installable? -- Kalev _______________________________________________ desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx
