[WineHQ] service.cgi fixes

Dimitrie O. Paun dpaun at rogers.com
Tue Jun 15 12:44:07 CDT 2004


On Tue, Jun 15, 2004 at 05:14:46PM +0100, Paul Millar wrote:
> With network security, any activity implies at least some trust. The script 
> wasn't brilliant, but pushing the functionality into winrash doesn't really 
> solve the problem: we'd still need to verify the binaries somehow, or just 
> trust that the binaries are OK.

Yes, we need to verify them, but not before we verify the script. Otherwise,
it's much easier to feed us a hacked script...

> But, in the mean time, I'll continue generating the sig files (as it happens 
> automatically) so future gpg verification-code has something to test against.

Sure, that can't hurt, maybe one day we'll use it.

-- 
Dimi.



More information about the wine-devel mailing list