Automatic Script Updater

Jeff Mitchell mitchell at kde.org
Sun Nov 8 20:51:08 CET 2009 

Frank Karlitschek wrote:
> Sorry for the late reply.
> 
> It is quite clear that we need a security system for scripts on GHNS.
> Signing the Scripts with the key of the uploader/developer is of  
> course possible but doesn´t solve the real problem.
> As long as everybody can upload a script to openDesktop.org and users  
> can download it the signing doesn´t give as any security that the  
> script is safe.
> 
> What we also need is some kind of trust system on the server.  
> Something like this developer is already a contributor for some time,  
> developed several other scripts already, has a high rating and got  
> reviewed but other people with a high trust level. So the script has a  
> high trust level.
> 
> With this system we can mark the scripts with different trust level.
> I plan do develop a system like this in the future. But this is not  
> done in a week so i need some time.
> 
> I hope this improves the security for Amarok.
> 
> What do you think?

Hi Frank,

It seems to me that the systems are complimentary.

Although Bart said that if/when you implement a system on
openDesktop/kde-apps.org/GHNS/etc. we needed to use that as well, I
rather disagree -- I think we could use that for third-party scripts,
but for first-party scripts I think there is still a need/use for the
system we have now.

When distros download from our server they check our published hashes to
verify that the files are legit. We want to provide that same type of
security and confidence for when we need to release script updates
before the next software release. A web-of-trust system is great for
third-parties but users need to have ultimate trust in what we're
providing, so I think for our first-party scripts we still need to
cryptographically provide that.

However, what you propose for third-party scripts makes a lot of sense
and I think will be great functionality added on to GHNS.

--Jeff

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://mail.kde.org/pipermail/amarok-devel/attachments/20091108/c8a257bf/attachment.sig

More information about the Amarok-devel mailing list