Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
switch the Updater app to the RecoverySystem API for verifying downloads #158
Comments
thestinger
added
the
Type: enhancement
label
Jan 30, 2016
thestinger
added
project
Language: Java
labels
Jun 13, 2016
thestinger
added
the
Component: Updater
label
Sep 2, 2016
thestinger
added this to the Release milestone
Nov 29, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
Show comment Hide comment|
This is now implemented. |
thestinger
closed this
Nov 29, 2016
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
thestinger commentedJan 30, 2016
The signatures are already verified by the recovery itself so it's not a security issue, but it's potentially a usability issue since the recovery can't do much in terms of error handling other than booting back into the operating system. The updater seems like it might already be able to do verification itself, but it should be switched to the AOSP API since that's going to be more robust and will cut down on the complexity.