Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upImplement ruleset signature validation #26
Conversation
|
This is ready for review, sorry for force-pushing. You are free to change this code as you see fit before merging. There is a side effect of this change that the new code no longer creates a temporary file called |
|
@pipboy96 Thanks for the PR! I'm sorry I haven't had time to test and review it yet. I was on holiday when you submitted it. I'll try to make time for this next week. |
|
@fmarier Don't worry much, there is no need to rush, especially if it makes missing possible mistakes more likely. |
|
@fmarier Is there something else I can work on? I would personally like the generated LevelDB files to also be signed and verified by the browser. Can I try to implement this? |
|
@fmarier Any update? |
|
@fmarier No problem. Thanks for merging. |
I recently talked with EFF people and they're working on something that's very interesting: a rust library to parse and apply the rulesets. So at this point, I think that if we change how things are done in Brave, it's likely to be to move to that library (and pull the JSON rulesets directly) so that we can rip out our C++ ruleset parser (brave/brave-browser#5280). If you did want to work on something else HTTPS Everywhere-related in Brave, I believe that we have a bug somewhere when it comes to the exceptions built into the rulesets (brave/brave-browser#5124). In any case, thanks again for adding signature checking. It's a great thing to have! |
|
@fmarier I would like to help with that too. Any suggestions where to start? |
Let's follow up in the other bug directly: brave/brave-browser#5124 (comment) |
pipboy96 commentedJul 18, 2019
I tried to avoid changes outside download-related code to make this PR easier to review. I plan to make more PRs to improve code quality later.