Whitelist extension (was: Re: [Typo3-typo3org] Comments on the mirroring concept)

Robert Lemke robert at typo3.org
Sat Mar 12 23:23:07 CET 2005

Hi folks,

On Thursday 10 March 2005 10:21, Juergen Egeling wrote:

> I do not see a technical problem here, but I see a legal problem. *If* we
> try to give security by telling people we have done this or that to ensure
> that a specific EXT is ok, we than have to do it every time a new version
> somes out.

So this is something we have to discuss in the extrev team, at least it's not 
related to the repository itself.

What I aimed for is a very simple thing: After downloading an extension, the 
EM tries to connect to the master repository / the super mirrors and checks 
the MD5. If it is okay it does not say anything. If integrety fails, a 
warning message appears and also if the check failed due to some timeout or 

I think that's easy to achieve technically but improves security without any 
side-effects. This method could only fail if someone hacks the master 
repository and in that case corrupting the md5 checksum would the least 
problem ...

Robert Lemke
Assessor - TYPO3 Association

More information about the TYPO3-team-typo3org mailing list