Re: Extension security?

From: Jonathan Wilkes <jancsika yahoo com>
To: "Jasper St. Pierre" <jstpierre mecheye net>
Cc: Olav Vitters <olav vitters nl>, "gnome-shell-list gnome org" <gnome-shell-list gnome org>
Subject: Re: Extension security?
Date: Thu, 19 Jan 2012 13:33:05 -0800 (PST)




----- Original Message -----
> From: Jasper St. Pierre <jstpierre mecheye net>
> To: Jonathan Wilkes <jancsika yahoo com>
> Cc: Olav Vitters <olav vitters nl>; "gnome-shell-list gnome org" <gnome-shell-list gnome org>
> Sent: Monday, December 19, 2011 7:36 PM
> Subject: Re: Extension security?
> 
> As I said before, this requires a lot of careful security and manual
> labor that I'm not comfortable doing. As such, I don't believe the
> mechanism, as you would like to see implemented, will be implemented.

Thanks for the response.  Another (security non-expert) question:

How does Debian repository security compare to the current security of the 
Gnome extension website/system?  Specifically-- if a hacker gains entry into 
a server that hosts a Debian repository and tries to change the data for 
package foo, won't apt-get/synaptic/etc. complain and by default fail to 
install the package because either the signature is invalid or the file checksum 
doesn't check out?

I apologize for asking a Debian question on the Gnome list, but I'm having trouble 
getting a response on #debian (I guess it looks like I'm fishing for security holes or 
something).

-Jonathan

> 
> On Mon, Dec 19, 2011 at 7:34 PM, Jonathan Wilkes <jancsika yahoo com> 
> wrote:
>>  ----- Original Message -----
>> 
>>>  From: Olav Vitters <olav vitters nl>
>>>  To: gnome-shell-list gnome org
>>>  Cc:
>>>  Sent: Saturday, December 17, 2011 10:51 PM
>>>  Subject: Re: Extension security?
>>> 
>>>  On Sat, Dec 17, 2011 at 04:17:20PM +0100, Pauli Virtanen wrote:
>>>>   It was clear already in the first post by J. Wilkes that this 
> thread
>>>>   was about a key kept on a non-public system.
>>> 
>>>  Colour me confused. I thought it already received a reply that it 
> wasn't
>>>  implemented.
>> 
>>  I'd like to know whether that means it wasn't implemented yet (but 
> eventually
>>  will be), wasn't implemented and may or may not be implemented later 
> on, or
>>  wasn't and will not be implemented.
>> 
>>  Thanks,
>>  Jonathan
>> 
>>>  --
>>>  Regards,
>>>  Olav
>>>  _______________________________________________
>>>  gnome-shell-list mailing list
>>>  gnome-shell-list gnome org
>>>  http://mail.gnome.org/mailman/listinfo/gnome-shell-list
>>> 
>>  _______________________________________________
>>  gnome-shell-list mailing list
>>  gnome-shell-list gnome org
>>  http://mail.gnome.org/mailman/listinfo/gnome-shell-list
> 
> 
> 
> -- 
>   Jasper
>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]