A correction to comment #8, after the latest changes in the spec: The code doing app updates in system settings will also need to do the same steps as the click scope: - fetch the sha-512 hash from the package details webservice - pass it to download manager so it can verify the download of the package with the store signature appended.
There's no longer a need for the updater nor the click scope to download signatures nor to pass them to packagekit. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1330770 Title: click packages rely upon tls for integrity and authenticity To manage notifications about this bug go to: https://bugs.launchpad.net/click-package-index/+bug/1330770/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
