[Sugar-devel] Problem using sugar-update-control to update large (100+ MB) activity bundles

Michael Stone michael at laptop.org
Wed Jun 17 23:32:42 EDT 2009


C. Scott Ananian wrote:

> It should be noted that trusting the CRC32 to validate the file contents is
> insecure -- but IIRC the security of the update scheme relies on other
> signatures (probably still unimplemented -- do you know anything about that,
> Michael?) so you shouldn't have to worry about it during download.

I have some preliminary thoughts written up on the subject about which I am
quietly seeking advice from a variety of people including yourself and which I
intend to publish when I am more satisfied with my writing and my thinking. 

Michael

P.S. - Does anyone know of any other folks out there actively working on
similar problems?


More information about the Sugar-devel mailing list