On Thu, 2016-11-17 at 11:38 +0100, Kalev Lember wrote:
> On 11/17/2016 10:48 AM, Alexander Larsson wrote:
> >
> > The problem is when the runtime is *not* installed. The untrusted
> > remote could claim to have an "org.gnome.Platform" runtime, which will
> > then be installed, and at this point you're affecting another app.
>
> Is it possible to use cryptography here to make this a bit more safe
> and easier to use? Instead of just matching "org.gnome.Platform" name,
> apps could maybe also require that "org.gnome.Platform" is signed with a
> certain key? And then we could do automatic install if we can find a
> runtime with matching signature? Also, maybe different
> "org.gnome.Platform" runtimes signed with different keys should be
> parallel installable?
We could pre-install a configuration for an individual runtime like
org.gnome.Platform, which includes a GPG key, and then that could be
used automatically. This essentially happens now I think. At least
there was a discussion about including preconfigured remotes for
fedora.

However, assume this is a runtime we know nothing about, and some app
A depends on it. What prohibits app B from saying it depends on that
runtime name, but supplying a different URL for it *and* a different
GPG key?
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl(a)redhat.com alexander.larsson(a)gmail.com
He's a jaded bohemian librarian looking for a cure to the poison coursing
through his veins. She's a disco-crazy cat-loving femme fatale from out
of town. They fight crime!
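The two policies discussed in this exchange, as an added illustration that is not flatpak code or anything proposed by the participants: a resolver that identifies a runtime by name alone (the situation Alexander describes, where whichever remote first claims "org.gnome.Platform" ends up serving every app that depends on it), beside one that treats the identity as (name, signing key), with an optional pre-installed key pin and an optional parallel-install mode as Kalev suggests. GPG verification itself is assumed to have already happened; each offered runtime just carries the fingerprint of the key that signed it, and all fingerprints, URLs and app ids below are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class RuntimeOffer:
    """A runtime as advertised by some remote (constructed sample data)."""
    name: str        # e.g. "org.gnome.Platform"
    remote_url: str  # where the app's metadata says the runtime lives
    signer: str      # fingerprint of the key that signed it (assumed verified upstream)


@dataclass(frozen=True)
class AppManifest:
    app_id: str
    runtime: RuntimeOffer


class NameOnlyResolver:
    """The weak policy: a runtime is identified by its name and nothing else."""

    def __init__(self):
        self.installed = {}  # name -> RuntimeOffer

    def install_app(self, app: AppManifest) -> RuntimeOffer:
        rt = app.runtime
        # First remote to claim the name wins; every later app silently
        # runs on top of whatever that remote shipped.
        self.installed.setdefault(rt.name, rt)
        return self.installed[rt.name]


class KeyBoundResolver:
    """Runtime identity is (name, signer).

    pinned:   name -> fingerprint from pre-installed configuration, if any.
    parallel: if True, same-named runtimes with different signers may coexist;
              if False, a second signer for an installed name is refused.
    """

    def __init__(self, pinned=None, parallel=False):
        self.pinned = dict(pinned or {})
        self.parallel = parallel
        self.installed = {}  # (name, signer) -> RuntimeOffer

    def install_app(self, app: AppManifest) -> RuntimeOffer:
        rt = app.runtime
        expected = self.pinned.get(rt.name)
        if expected is not None and expected != rt.signer:
            raise PermissionError(
                f"{app.app_id}: {rt.name} must be signed by {expected}, "
                f"got {rt.signer} from {rt.remote_url}")
        ident = (rt.name, rt.signer)
        if ident in self.installed:
            return self.installed[ident]  # same name, same key: reuse
        other_signers = [s for (n, s) in self.installed if n == rt.name]
        if other_signers and not self.parallel:
            # Fail closed rather than letting app B's runtime stand in for app A's.
            raise PermissionError(
                f"{app.app_id}: {rt.name} already installed signed by "
                f"{other_signers[0]}; refusing a copy signed by {rt.signer}")
        self.installed[ident] = rt
        return rt


# Constructed scenario: app B (untrusted remote) claims the runtime name
# before app A (the genuine remote) is installed.
GNOME_KEY = "FPR-GNOME-0001"
ROGUE_KEY = "FPR-ROGUE-0002"
APP_A = AppManifest("org.example.A",
                    RuntimeOffer("org.gnome.Platform", "https://sdk.gnome.org", GNOME_KEY))
APP_B = AppManifest("org.example.B",
                    RuntimeOffer("org.gnome.Platform", "https://rogue.example", ROGUE_KEY))


def run_name_only():
    """Returns the runtime app A ends up with under name-only matching."""
    r = NameOnlyResolver()
    r.install_app(APP_B)
    return r.install_app(APP_A)


def run_key_bound(pinned=None, parallel=False):
    """Returns (outcome for B, outcome for A); PermissionError is returned, not raised."""
    r = KeyBoundResolver(pinned=pinned, parallel=parallel)
    results = []
    for app in (APP_B, APP_A):
        try:
            results.append(r.install_app(app))
        except PermissionError as e:
            results.append(e)
    return tuple(results)


if __name__ == "__main__":
    print("name-only:", run_name_only().remote_url)
    print("pinned:   ", run_key_bound(pinned={"org.gnome.Platform": GNOME_KEY}))
    print("parallel: ", [getattr(x, "remote_url", x) for x in run_key_bound(parallel=True)])
```

With the name-only policy app A silently gets the rogue remote's runtime; with the key-bound policy a pre-installed pin rejects B outright, and without a pin the resolver either refuses the second signer (non-parallel) or keeps both copies apart so A runs on the runtime its own key identifies (parallel). The remaining question from the thread, which remote's key to trust for a name nobody has pre-configured, is a policy decision this code deliberately leaves to the caller.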