I guess that mostly tech-savvy people would download PM Commander, and in my opinion its hash should be listed on the site to help against tainted code. If the main PM distribution is hashed, so should this special add-on.
Regarding third party add-ons, I've not checked yet if PM reuires signed distribution as does FF, but if not this would also help.
Publishing Hash for PM Commander
Forum rules
Important: This board is for specifics regarding the add-ons website (addons.palemoon.org) and not to report extension compatibility issues or discuss different extensions.
Please only post here when your topic is directly related to the add-ons website service so our moderators don't have to move your posts all the time...
Important: This board is for specifics regarding the add-ons website (addons.palemoon.org) and not to report extension compatibility issues or discuss different extensions.
Please only post here when your topic is directly related to the add-ons website service so our moderators don't have to move your posts all the time...
-
New Tobin Paradigm
Re: Publishing Hash for PM Commander
We will obey a cert IF the extension is signed but we do not enforce signing. As for hashes, the updater uses sha256 hashes to verify if automatic updates are valid however at this time they are calculated on the fly by AUS as it was getting to be too much of a hassle for developers and administrators to manually specify hash.
https://github.com/Pale-Moon-Addons-Team/phoebus/blob/TRUNK/services/aus/check.php#L107
In the future, once add-on metadata is stored in a database upon submission we could display this data but for now the increased load to do it on the fly for display on the site would take too much resources.
https://github.com/Pale-Moon-Addons-Team/phoebus/blob/TRUNK/services/aus/check.php#L107
In the future, once add-on metadata is stored in a database upon submission we could display this data but for now the increased load to do it on the fly for display on the site would take too much resources.