PackMan security (was: [Pythonmac-SIG] FAQ item)
Jack Jansen
Jack.Jansen at cwi.nl
Tue Jul 29 23:55:38 EDT 2003
On dinsdag, jul 29, 2003, at 22:40 Europe/Amsterdam, Ronald Oussoren
wrote:
> Let me pretend that I'm a security expert. Using HTTPS would not solve
> anything, unless you actually check the server certificate (and nobody
> seems to do that, I can't even look at certificates in Safari). Some
> kind of digitical signature of the plist files would probably more
> usefull: that would allow me to verify that the scapegoat actually
> placed that file on the webserver.
Silly me, I forgot about this! I thought this problem was unsolvable,
because I thought we had no channel to transport the public key to the
end user safely, but I could of course have included the public key in
the pimp source code...
--
- Jack Jansen <Jack.Jansen at oratrix.com>
http://www.cwi.nl/~jack -
- If I can't dance I don't want to be part of your revolution -- Emma
Goldman -
More information about the Pythonmac-SIG
mailing list