[vlc-devel] Future of the update mechanism
Felix Paul Kühne
fkuehne.videolan at googlemail.com
Thu Jul 30 17:16:45 CEST 2009
On 30.07.2009 at 16:37, Rémi Denis-Courmont wrote:
> On Thursday 30 July 2009 17:30:30 Georg Seifert, you wrote:
>> The check for new version is recommended to use a secure connection,
>> but it works also over simple http.
>
> If it were as simple as removing security, Funman would not have implemented
> OpenPGP support in the first place. We must verify that the downloaded update
> is not corrupted, yet we should not depend on TLS for that.
>
> From what's been said, it would seem that Sparkle fails the "Windows"
> requirement as well as the "security without TLS" requirement.

Well, as hinted by Pierre previously, using the current approach for
Windows or switching to a native Windows-updating mechanism kind of
makes sense. I don't really see why clearly platform-dependent code
must be forced to be independent.

Regarding the SSL-dependency of Sparkle, it's a bit a 1.5 kB download
per check we're discussing here. The actual update can be safely
downloaded through untrusted channels, as it is checked against the
signed hash. I seriously doubt that 1.5 kB downloads kill our server.
Additionally, nothing speaks against updating the update mechanism a
few hours or days after we hit the news pages once the peak traffic is
over.

Anyway, as j-b pointed out on IRC yesterday, we will need a trusted,
not-self-signed SSL certificate anyway. This would cost 10 € per year
max., something VideoLAN can cover without any problems.

Best regards,
Felix
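
The check discussed in this message (a payload fetched from any mirror is accepted only if it matches a hash carried in a small signed manifest), as an added example that is not part of the original message and is not VLC or Sparkle code. It uses raw RSA PKCS#1 v1.5 with a constructed throwaway key as a stand-in for the OpenPGP or Sparkle signature; the manifest format and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed demo key built from two Mersenne primes: publicly factorable,
# for illustration only. A real updater pins a properly generated public key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the release signer
K = (N.bit_length() + 7) // 8      # modulus length in bytes

# DER prefix of the SHA-256 DigestInfo used by PKCS#1 v1.5 signatures
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(message: bytes) -> int:
    """Build the padded PKCS#1 v1.5 block for SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def sign_manifest(manifest: bytes) -> int:
    """Release side (hypothetical helper): sign the small manifest."""
    return pow(_encode(manifest), D, N)

def manifest_is_authentic(manifest: bytes, signature: int) -> bool:
    """Client side: re-encode and compare, using only the pinned (N, E)."""
    return 0 <= signature < N and pow(signature, E, N) == _encode(manifest)

def accept_update(manifest: bytes, signature: int, payload: bytes) -> bool:
    """Accept a payload from any mirror only if the signed manifest vouches for it."""
    if not manifest_is_authentic(manifest, signature):
        return False  # never parse or trust an unauthenticated manifest
    fields = dict(line.split("=", 1) for line in manifest.decode().splitlines())
    actual = hashlib.sha256(payload).hexdigest()
    return hmac.compare_digest(actual, fields.get("sha256", ""))

def make_release(version: str, payload: bytes):
    """Release side (hypothetical helper): build and sign a two-line manifest."""
    digest = hashlib.sha256(payload).hexdigest()
    manifest = f"version={version}\nsha256={digest}".encode()
    return manifest, sign_manifest(manifest)
```

The transport of the payload never enters the decision: only the manifest signature and the recomputed hash do, which is why the large download can come from an untrusted mirror.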