Updates are downloaded over HTTP with no authentication. about service.openelec.settings HOT 3 CLOSED

The "About" screen in the settings addon currently shows whether a build is "official" or "unofficial" though anyone can create an "official" build if they set buildsystem config correctly. It we move to a signed binary regime to validate authenticity of the files it would be a good place to show the builds "signed" or "unofficial" status. Aside from that I would not draw much attention to the signed/unsigned status of builds as most of our userbase couldn't care about it and we currently have ~9000 users running unofficial builds; mostly users of arm devices where platform support is "work in progress" and where self-building is actively encouraged (64% of that number are pi users). I don't see any point in using SSL for downloads as certificates authenticate the interface of the host we serve from and most hosts are not under our control (we use mirrorbrain to distribute load) and even for our own boxes we cannot guarantee their security when they are managed by an ISP in a shared colo facility that we ultimately have zero oversight on.

from service.openelec.settings.

Yes, that seems reasonable. Self builds should get a whole lot safer if my
patch is applied to verify the checksum of all downloaded sources. I don't
have time to write the sig verify code until next week and don't want to
start if there is no chance of it being accepted.
On 5 Jan 2015 15:48, "Christian Hewitt" [email protected] wrote:

The "About" screen in the settings addon currently shows whether a build
is "official" or "unofficial" though anyone can create an "official" build
if they set buildsystem config correctly. It we move to a signed binary
regime to validate authenticity of the files it would be a good place to
show the builds "signed" or "unofficial" status. Aside from that I would
not draw much attention to the signed/unsigned status of builds as most of
our userbase couldn't care about it and we currently have ~9000 users
running unofficial builds; mostly users of arm devices where platform
support is "work in progress" and where self-building is actively
encouraged (64% of that number are pi users). I don't see any point in
using SSL for downloads as certificates authenticate the interface of the
host we serve from and most hosts are not under our control (we use
mirrorbrain to distribute load) and even for our own boxes we cannot
guarantee their security when they are managed by an ISP i n a shar ed colo
facility that we ultimately have zero oversight on.

—
Reply to this email directly or view it on GitHub
#57 (comment)
.

from service.openelec.settings.

I'm closing this down as it's not something practical to implement. Thanks.

from service.openelec.settings.