Apache OpenOffice (AOO) Bugzilla – Full Text Issue Listing |
Summary: | Please sign OO installer with digital certificate | ||
---|---|---|---|
Product: | Installation | Reporter: | kpalagin <kpalagin> |
Component: | ui | Assignee: | Martin Hollmichel <nesshof> |
Status: | CLOSED FIXED | QA Contact: | issues@installation <issues> |
Severity: | Trivial | ||
Priority: | P3 | CC: | issues, khirano, pescetti |
Version: | current | ||
Target Milestone: | OOo 3.0 | ||
Hardware: | All | ||
OS: | Windows, all | ||
Issue Type: | FEATURE | Latest Confirmation in: | --- |
Developer Difficulty: | --- |
Description
kpalagin
2006-08-28 17:54:38 UTC
reassigned Here is helpfull tool tool from MS to sign software http://msdn2.microsoft.com/en-us/library/9sh96ycy.aspx One more MS tool to sign http://www.microsoft.com/downloads/details.aspx?FamilyID=860ee43a-a843-462f- abb5-ff88ea5896f6&DisplayLang=en reassigned to myself Martin, are we on track for 3.0 with this RFE? WBR, Kirill. working on this. Martin, what is the current status of this issue? Thanks and regards, KP. Signing with a digital certificate might also mitigate the risk of an attack based on DNS spoofing like the one described in http://www.infobyte.com.ar/down/isr-evilgrade-Readme.txt since the user will be able to check that the file he downloaded is indeed coming from OpenOffice.org (even if we can do very little about this kind of attack unless we make the Update Notification mechanism more secure). Apparently we are going to miss 3.0 fot this issue. fixed with 3.0rc2 Verified in RC2 on WinXP, closing as such. Martin, thanks a ton! Sweet!! Thanks Martin |