bugssearch
advanced
using as
guest		loginabouthelp

 

Bug ID:  926  Validate digital signiture of downloaded update installation packages    
 
Created by phil on 2026-02-22 5:10 PM, 54 days ago
Project:  XMBC
Organization:  Development
Category:  enhancement
Priority:  high
Assigned to:  phil  
Status:  new
Target Release:Next Release
Version:Current Beta
 
 

show inline images      show change history

 comment 5595 posted by phil on 2026-02-22 5:12 PM, 54 days ago 

Also fixed crash after update failes to download/install and retry is selected!
 comment 5594 posted by phil on 2026-02-22 5:12 PM, 54 days ago 

Test in 2.21 Beta 59 (obviously you will need to wait until 2.21 Beta 60 to actually test this as it only applies when downloaidng the NEXT update!)
 comment 5592 posted by phil on 2026-02-22 5:10 PM, 54 days ago 

There is a security risk in auto-updaters. To minimize the risk, if the update servers get compromised, XMBC should validate the digital signiture of the installation package, to ensure the update is genuine and signed by ME (the author).