Security check Spartacus http fetching

[ophian]

Quest: What about checksum check for security?
Answ.: Checksum-checks could be added, but of course this is some work to implement...

Anyone?

[yellowled]

(Issue title adapted; these are all todos, 2.0 is signaled by the label already.)

[garvinhicking]

We can:

• add a md5 checksum to the XML for our daily build
• When a file is downloaded through Spartacus, build the MD5 of the local file and compare it to the remote XML checksum, probably return errors/alerts
• Also add a check for each plugin file to our checksum comparison tool

Probable issues with this: This enlarges the XML about 10-15% I guess, which raises the PHP memory limit. The whole check will also take longer and more memory to parse, we might hit limits much earlier with this...

Another thing: We should add https:// to www.s9y.org and add it as a https:// mirror.

[yellowled]

@garvinhicking You wanna revisit that statement after 5 months? :) Other than that, I would just close it.

[garvinhicking]

We need to leave it open, it is still an issue.

[th-h]

Closed as WONTFIX after five years.