Trust external plugins
Registered by
Olivier Tilloy
We want to make external plugins available via our plugin repository (the external plugins remaining hosted on external servers). For this we need a mechanism that allows us to trust that a given version of a plugin is not corrupted (whether intentionally or not), that is that the contents of the egg file do not change. Once a given version of a plugin has been checked as stable and righteous, it should not change ever.
The idea is to perform an integrity check on the egg once it is approved for listing in the repository, e.g. a simple md5 checksum, and compare this sum client-side before attempting to download the egg.
Blueprint information
- Status:
- Complete
- Approver:
- Florian Boucault
- Priority:
- Essential
- Drafter:
- Olivier Tilloy
- Direction:
- Needs approval
- Assignee:
- Olivier Tilloy
- Definition:
- Approved
- Series goal:
- None
- Implementation:
- Implemented
- Milestone target:
- 0.5.20
- Started by
- Olivier Tilloy
- Completed by
- Olivier Tilloy
Related branches
Related bugs
Sprints
Whiteboard
(?)