Open Bug 1020032 (remotedistro) Opened 6 years ago Updated 6 years ago
[meta] Remote distributions
Meta bug for this. Most client-side work hangs off Bug 1013024.
Curtis, Mark: when would be a good time to talk through this and discuss mitigations for the horrors lurking within?
Flags: sec-review? → sec-review?(mgoodwin)
Sec review results, in very brief: * Measure SSL overhead. If low, we'll take it. * Explore a way to verify intent senders. * Note to self: double-check that we don't process an intent after first run. * Future/further thought: signature verification for downloaded zips. (More impetus for this if no SSL.)
Sec review granted.
You need to log in before you can comment on or make changes to this bug.