On Thu, 2016-11-17 at 11:38 +0100, Kalev Lember wrote:
> On 11/17/2016 10:48 AM, Alexander Larsson wrote:
> >
> > The problem is when the runtime is *not* installed. The untrusted
> > remote could claim to have an "org.gnome.Platform" runtime, which
> > will then be installed, and at this point you're affecting another app.
>
> Is it possible to use cryptography here to make this a bit more safe
> and easier to use? Instead of just matching "org.gnome.Platform" name,
> apps could maybe also require that "org.gnome.Platform" is signed with a
> certain key? And then we could do automatic install if we can find a
> runtime with matching signature? Also, maybe different
> "org.gnome.Platform" runtimes signed with different keys should be
> parallel installable?

We could pre-install a configuration for an individual runtime like
org.gnome.Platform, which includes a GPG key, and then that could be
used automatically. This essentially happens now, I think. At least there
was a discussion about including preconfigured remotes for Fedora.

However, assuming this is a runtime we know nothing about, and some app
A depends on it. What prohibits app B from saying it depends on that
runtime name, but supplying a different URL for it *and* a different GPG
key?

--
Alexander Larsson
Red Hat, Inc
alexl@xxxxxxxxxx
alexander.larsson@xxxxxxxxx
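
The name-collision case raised in this message, as an added sketch that is not Flatpak code and not from anyone in the thread: a hypothetical resolver binds each runtime name to a (URL, GPG fingerprint) pair, lets a preconfigured binding override whatever an app claims, and refuses a second app's conflicting claim for an unknown runtime instead of auto-installing it. All class names, URLs and fingerprints are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class RuntimeSource:
    url: str
    gpg_fingerprint: str  # key the runtime must be signed with

class RuntimeConflict(Exception):
    """Two apps bind the same runtime name to different sources."""

class RuntimeResolver:
    def __init__(self, preconfigured):
        self.preconfigured = dict(preconfigured)  # shipped with the system
        self.pinned = {}  # runtime name -> (source, app that introduced it)

    def resolve(self, app, runtime, claimed):
        """Return the source `runtime` may be installed from for `app`."""
        trusted = self.preconfigured.get(runtime)
        if trusted is not None:
            return trusted  # preconfigured URL and key beat the app's claim
        if runtime not in self.pinned:
            # Unknown runtime: remember who vouched for which URL and key.
            # This does not prove app A's claim is the legitimate one.
            self.pinned[runtime] = (claimed, app)
            return claimed
        source, first_app = self.pinned[runtime]
        if claimed != source:
            # App B reuses the name with another URL or key: never
            # auto-install, surface the conflict to the user instead.
            raise RuntimeConflict(
                f"{app} wants {runtime} from {claimed.url}, but "
                f"{first_app} already bound it to {source.url}")
        return source

# Constructed sample data (placeholder URLs and fingerprints).
GNOME = RuntimeSource("https://runtimes.example.org/gnome", "A" * 40)
APP_A = RuntimeSource("https://vendor-a.example.net/repo", "B" * 40)
APP_B = RuntimeSource("https://vendor-b.example.net/repo", "C" * 40)

if __name__ == "__main__":
    r = RuntimeResolver({"org.gnome.Platform": GNOME})
    print(r.resolve("app.B", "org.gnome.Platform", APP_B).url)
    print(r.resolve("app.A", "com.example.Runtime", APP_A).url)
    try:
        r.resolve("app.B", "com.example.Runtime", APP_B)
    except RuntimeConflict as err:
        print("refused:", err)
```

Pinning only detects that two apps disagree about a name; deciding which binding is legitimate still needs an out-of-band trust decision, which is the open question in the message.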