Opened 11 years ago

Closed 8 years ago

Last modified 7 years ago

#1349 closed defect (wontfix)

Use https:// for getting update info

Reported by: alsroot Owned by: tomeu
Priority: Immediate Milestone:
Component: Sugar Version: 0.85.x
Severity: Critical Keywords:
Cc: bernie, erikos Distribution/OS: Unspecified
Bug Status: Assigned

Description

For now sugar-updater uses http:// for getting metadata(including hashes for updates). It could be more secure to use https:// for this purpose and check hashes of downloaded bundles.

Since sunjummer uses CAcert, sugar should be aware of these certs.

Change History (5)

comment:1 Changed 11 years ago by alsroot

  • Priority changed from High to Immediate
  • Severity changed from Unspecified to Blocker

comment:2 Changed 11 years ago by erikos

  • Bug Status changed from Unconfirmed to Assigned
  • Severity changed from Blocker to Critical

Let's aim for 0.86.1, and add a clear plan as soon as possible so we can discuss possible issues early.

comment:3 Changed 11 years ago by bernie

The server-side part is done

comment:4 Changed 8 years ago by dnarvaez

  • Resolution set to wontfix
  • Status changed from new to closed

Old bug, not clear it's necessary, not enough resources, patches welcome.

comment:5 Changed 7 years ago by dnarvaez

  • Milestone 0.86 deleted

Milestone 0.86 deleted

Note: See TracTickets for help on using tickets.