Have we already defined what specific signature mechanism we want/need to implement server side? As far as I understand this we'll need the following
1. Upon upload of the click package, we compute a signature for it (what type of signature?) 2. We expose the computed signature somewhere public so that the click installer can compare it with it's own computation before installing the package. Please add any particular specifics we should consider when implementing this. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1330770 Title: click packages rely upon tls for integrity and authenticity To manage notifications about this bug go to: https://bugs.launchpad.net/click-package-index/+bug/1330770/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
