[Trac_gajim-plugins] [Gajim Plugins] #79: Verify Integrity & Authenticity of downloaded plugins

Gajim Plugins trac at gajim.org
Sun Oct 6 16:42:45 CEST 2013


#79: Verify Integrity & Authenticity of downloaded plugins
-------------------------------------+------------------------------------
Reporter:  azrdev                    |       Owner:  asterix
    Type:  enhancement               |      Status:  new
Priority:  major                     |   Component:  PluginInstallerPlugin
Keywords:  authentication integrity  |  Blocked By:
Blocking:                            |
-------------------------------------+------------------------------------
 As far as I can see in the current code, plugins downloaded from the
 server are just saved & loaded by Gajim; there is no check whether they
 match the version on the server unaltered.
 I suggest adding checksums of all downloaded files, e.g. in the
 manifest.zip or separately. Use a sha256 checksum to check integrity of
 them, or gpg signing to also add an integrity check of the source server
 (as long as the respective key remains secured).

--
Ticket URL: <http://trac-plugins.gajim.org/ticket/79>
Gajim Plugins <http://trac-plugins.gajim.org/>
Gajim Plugins
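
An added example, not part of the ticket or of Gajim's code: one way the SHA-256 check suggested above could look, verifying every file in a downloaded plugin archive against a list of digests. The `expected` mapping format, the function names and the sample files are assumptions, and the digest list itself has to arrive authenticated (for instance covered by the GPG signature the ticket mentions) for the check to detect more than accidental corruption.

```python
import hashlib
import io
import zipfile


def verify_plugin_zip(zip_bytes, expected):
    """Check each archive member against its expected SHA-256 digest.

    expected: dict of member name -> hex SHA-256 (hypothetical format).
    Returns a list of problems; an empty list means the archive matches.
    """
    problems = []
    seen = set()
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if info.is_dir():
                continue
            seen.add(name)
            # Reject names that would escape the plugin directory on extraction.
            if name.startswith("/") or ".." in name.split("/"):
                problems.append(f"unsafe path: {name}")
            elif name not in expected:
                # A file the digest list does not cover is unverified code.
                problems.append(f"unlisted file: {name}")
            # Read by ZipInfo so duplicate entries are each hashed.
            elif hashlib.sha256(zf.read(info)).hexdigest() != expected[name].lower():
                problems.append(f"digest mismatch: {name}")
    # A file that was silently dropped is also a deviation from the server copy.
    problems += [f"missing file: {n}" for n in sorted(set(expected) - seen)]
    return problems


def build_zip(files):
    """Helper for the demo: pack a dict of name -> bytes into a zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample plugin and its digest list (not real Gajim plugin data).
GOOD_FILES = {"demo/__init__.py": b"from .plugin import DemoPlugin\n",
              "demo/plugin.py": b"class DemoPlugin:\n    pass\n"}
EXPECTED = {n: hashlib.sha256(d).hexdigest() for n, d in GOOD_FILES.items()}

if __name__ == "__main__":
    print(verify_plugin_zip(build_zip(GOOD_FILES), EXPECTED))
    tampered = dict(GOOD_FILES, **{"demo/plugin.py": b"import os\n"})
    print(verify_plugin_zip(build_zip(tampered), EXPECTED))
```

A plugin should be loaded only when the returned list is empty.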