Highrez Bug Tracker - Bug ID926 Validate digital signiture of downloaded update installation packages

Bug ID: 926
Short desc: Validate digital signiture of downloaded update installation packages

Last changed by phil
Reported By phil
Reported On 2026-02-22 5:10 PM
Project XMBC
Organization Development
Category enhancement
Priority high
Assigned phil
Status new
Target Release Next Release
Version Current Beta

comment 5595 posted by phil on 2026-02-22 5:12 PM, 54 days ago

Also fixed crash after update failes to download/install and retry is selected!

comment 5594 posted by phil on 2026-02-22 5:12 PM, 54 days ago

Test in 2.21 Beta 59 (obviously you will need to wait until 2.21 Beta 60 to actually test this as it only applies when downloaidng the NEXT update!)

comment 5592 posted by phil on 2026-02-22 5:10 PM, 54 days ago

There is a security risk in auto-updaters. To minimize the risk, if the update servers get compromised, XMBC should validate the digital signiture of the installation package, to ensure the update is genuine and signed by ME (the author).

Last changed by	phil
Reported By	phil
Reported On	2026-02-22 5:10 PM
Project	XMBC
Organization	Development
Category	enhancement
Priority	high
Assigned	phil
Status	new
Target Release	Next Release
Version	Current Beta