Re: [ease-dev] [EASE-dev] Introduction

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ease-dev] [EASE-dev] Introduction

From: Christian Pontesegger <christian.pontesegger@xxxxxx>
Date: Wed, 16 Mar 2016 21:58:44 +0100
Delivered-to: ease-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/ease-dev>
List-help: <mailto:ease-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/ease-dev>, <mailto:ease-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/ease-dev>, <mailto:ease-dev-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0

Hi Varun,

you are on the right track regarding signing. But I would prefer to keepsignature and code in the same file. Eg we could think of appending thesignature in a comment block at the end of the file. It would be easierto host and things that belong together would stick together. Basicallyits very similar to signing emails. You are right that we need someAPI/UI to sign scripts so users can do that in a comfortable way. Aninteractive UI would be great, possibly bound to the context menu ofresources. Another option would be to provide a builder (similar to acompiler) that reacts on file changes on script files. With a predefinedcertificate we could automatically sign scripts on every file save.Further a builder could check those certificates on scripts and add anoverlay icon to the files (valid/broken/no signature).

To write these comments we have an API that can detect the target scriptlanguage of a file and provide correct tokens for block and line comments.


cheers
Christian

On 03/16/2016 02:20 PM, Varun Raval wrote:

Hi Christian,
Some basic requirements are data(in our case: script) and signaturemust be in different files as per my knowledge so far about keygeneration. We can merge certificate and sign in a single file bymaking our custom format since both are binary files.
So, what we can do is, when we encounter scripts from server, we cancheck if there is a signature file with same name on server in samedirectory or not. If it's not there then we can warn user aboutdangers of that script. If it's there then we can import certificateand verify signature.
For this, we need to tell signing user beforehand, that if they areinterested in uploading scripts they must prefer to sign those scriptsand upload signature file. User than will have option to uploadsignature and certificate combined in a file that we have generated(byproviding some kind of functionality like plugin) or by generatingsignature in user's own way. In second case user will have to uploadcertificate separately so that we can verify before executing scripts.
For verifying, as I mentioned earlier, we can check whether signatureand certificate are there on server and respond accordingly.
Hope this helps!!

References:
- [ease-dev] [EASE-dev] Introduction
  - From: Varun Raval
- Re: [ease-dev] [EASE-dev] Introduction
  - From: Christian Pontesegger
- Re: [ease-dev] [EASE-dev] Introduction
  - From: Varun Raval
- Re: [ease-dev] [EASE-dev] Introduction
  - From: Christian Pontesegger
- Re: [ease-dev] [EASE-dev] Introduction
  - From: Varun Raval
- Re: [ease-dev] [EASE-dev] Introduction
  - From: Christian Pontesegger
- Re: [ease-dev] [EASE-dev] Introduction
  - From: Jonah Graham
- Re: [ease-dev] [EASE-dev] Introduction
  - From: Varun Raval
- Re: [ease-dev] [EASE-dev] Introduction
  - From: Christian Pontesegger
- Re: [ease-dev] [EASE-dev] Introduction
  - From: Varun Raval

Prev by Date: Re: [ease-dev] Tooltip testing
Next by Date: Re: [ease-dev] [EASE-dev] Introduction
Previous by thread: Re: [ease-dev] [EASE-dev] Introduction
Next by thread: Re: [ease-dev] [EASE-dev] Introduction
Index(es):
- Date
- Thread

Breadcrumbs