Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Sep 10, 2008
  1. @andymatuschak

    More security tidbits!

    andymatuschak authored
    This patch prevents malicious downgrades, which are still possible with DSA validation: suppose there's some (signed) version with a security hole. A malicious attacker could serve an appcast with that version's URL and DSA signature, but a higher version number, forcing the user to "upgrade" to the version with the security hole.
    
    While I was at it, I fixed a bug that should have completely stopped .pkg installation from working since 1.5b1. Why didn't I hear anything about that? Does anyone actually use .pkgs? It still needs testing to be sure it works.
Commits on Jul 16, 2008
  1. @andymatuschak

    Beginnings of insane SUHost-based refactoring to get rid of NSBundle+…

    andymatuschak authored
    …Sparkle. More super-unstable refactorings to come...
Something went wrong with that request. Please try again.