On 10 Feb 2016, at 13:59, diede...@tenhorses.com wrote: tell them how they can find out which apps use Sparkle??
On 10 Feb 2016, at 13:59, diede...@tenhorses.com wrote: tell them how they can find out which apps use Sparkle?? I was thinking of writing a script for this, checking for SUFeedURL for every .app bundle, but i. is there already an easy way to check which apps use Sparkle? ii. I don’t see an easy way for users to tell what version of Sparkle is installed in an app. Does anyone know where the Sparkle version number is hidden in the bundle? ii. given what Roland and Ken both say downthread, vis: If the release notes are via a separate URL and that URL is HTTP rather than HTTPS, then the attacker can spoof it it looks like just checking the SUFeedURL for http or https won’t be enough to determine if the app is safe for any app running older versions than Sparkle 1.13. Of course, we should all update to the latest version, but I have one app that has to be 10.6 compatible and that can’t use anything but an ***old*** version of Sparkle. The app cast and release notes are both https so I’m assuming this is secure (at least regarding this particular issue…). Best Phil _______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com
