Allow packages to be signed
- Extension-archives (allow them to be signed)
- either using an external signature (easier to integrate with current packages
- or using an internal signature (will require changes to package-format)
- Extension-manager (configuration/verification of signatures; optional per repository)
- Extension-repository (automatically sign packages uploaded to the official TYPO3-repository)
Updated by Stefan Neufeind over 9 years ago
This will help ensure that extensions (from the official repository or from a local repository) are unmodified. This will help validate integrity especially for the use of unsecure communication (http) or the use of (potentially unreliable) mirror-servers.