Ticket #1349 (new defect)

Opened 4 years ago

Last modified 4 years ago

Use https:// for getting update info

Reported by: alsroot Owned by: tomeu
Priority: Immediate Milestone: 0.86
Component: sugar Version: 0.85.x
Severity: Critical Keywords:
Cc: bernie, erikos Distribution/OS: Unspecified
Bug Status: Assigned

Description

For now sugar-updater uses  http:// for getting metadata(including hashes for updates). It could be more secure to use  https:// for this purpose and check hashes of downloaded bundles.

Since sunjummer uses CAcert, sugar should be aware of these certs.

Change History

Changed 4 years ago by alsroot

  • priority changed from High to Immediate
  • severity changed from Unspecified to Blocker

Changed 4 years ago by erikos

  • severity changed from Blocker to Critical
  • status_field changed from Unconfirmed to Assigned

Let's aim for 0.86.1, and add a clear plan as soon as possible so we can discuss possible issues early.

Changed 4 years ago by bernie

The server-side part is done

Note: See TracTickets for help on using tickets.