<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html lang="en">
<head>
<meta name="copyright" content=
"Copyright (c) Red Hat Inc. and others 2022. This page is made available under license. For full details see the LEGAL in the documentation book that contains this page.">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta http-equiv="Content-Style-Type" content="text/css">
<link rel="STYLESHEET" href="../book.css" charset="ISO-8859-1" type="text/css">
<script language="JavaScript" src="PLUGINS_ROOT/org.eclipse.help/livehelp.js" type="text/javascript"></script>
<title>Trust</title>
</head>
<body bgcolor="#FFFFFF">
<h1 class="Head">Trusting p2 installations</h1>
<p class="Intro">Installing artifacts is by nature a security risk, because installed artifacts can execute
potentially malicious code. To mitigate this risk, p2 verifies artifact <b>signatures</b> during installation and
warns of any discrepancy.</p>
<h2>Unsigned artifacts warning</h2>
<p>If some artifacts have no digital signature attached (created with <code>jarsigner</code> or PGP signing),
the <em>Unsigned artifacts</em> dialog pops up to warn that those artifacts are not signed.</p>
<p>An artifact without a signature can easily be tampered with, so that the artifact being installed contains
different content from what is expected. Artifacts without signatures are therefore a security threat, and
installing them is risky; take great care before approving such an installation.</p>
<p>The dialog lets you abort the installation, or accept the risk of installing an unsigned artifact and continue
the installation.</p>
<h2>Trust Dialog</h2>
<p>One of the main goals of signatures is to tie a signer identity to an artifact, so that in order to trust an
artifact, a user can simply decide whether they trust the signer. That is usually an easier decision to make.</p>
<p>Sometimes all artifacts have a signature, but it is not known whether the identity of the signer can be
trusted. The strategy for deciding whether a signer can be trusted is up to the user; different users can have
different workflows for making that decision.</p>
<p>In that case, the <em>Trust</em> dialog shows the list of certificates or PGP public keys along with extra
information to let the user decide whether they can be trusted (Is the key itself trusted? If yes, do I trust the
signer?...).</p>
<p>If all artifacts are signed by at least one trusted key or certificate, installation continues; otherwise it is
aborted.</p>
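<p>The following is an added example, not part of the original help page and not p2's own code. It is a stand-alone
Java 17 program (the class name <code>JarSignatureCheck</code> is hypothetical) that lists unsigned entries and the
signer certificates of a <code>jarsigner</code>-signed JAR outside Eclipse. It covers only <code>jarsigner</code>
signatures, not PGP.</p>

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HexFormat;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import java.util.stream.Stream;

// Added example, not p2 code. Usage: java JarSignatureCheck.java artifact.jar
public class JarSignatureCheck {
    public static void main(String[] args) throws Exception {
        int unsigned = 0;
        var signerLines = Stream.builder();   // one line per signer occurrence, de-duplicated at the end
        try (JarFile jar = new JarFile(args[0], true)) {   // true: verify digests while reading
            for (JarEntry entry : Collections.list(jar.entries())) {
                // Simplification: skip directories and META-INF/, where the manifest and signature files live.
                if (entry.isDirectory() || entry.getName().startsWith("META-INF/")) {
                    continue;
                }
                // Signers are only available once the entry has been read to the end;
                // a modified entry makes this read throw SecurityException.
                try (InputStream in = jar.getInputStream(entry)) {
                    in.readAllBytes();
                }
                CodeSigner[] signers = entry.getCodeSigners();
                if (signers == null) {
                    unsigned++;
                    System.out.println("UNSIGNED " + entry.getName());
                    continue;
                }
                for (CodeSigner signer : signers) {
                    signerLines.add(describe((X509Certificate) signer.getSignerCertPath().getCertificates().get(0)));
                }
            }
        }
        System.out.println("Signer certificates (signed is not the same as trusted):");
        signerLines.build().distinct().forEach(System.out::println);
        System.exit(unsigned == 0 ? 0 : 1);   // non-zero exit when any entry is unsigned
    }

    // Subject plus SHA-256 fingerprint of the signer's own certificate (first in the certificate path).
    static String describe(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        return cert.getSubjectX500Principal().getName() + "  SHA-256=" + HexFormat.of().formatHex(digest);
    }
}
```

<p>The printed subject and fingerprint only identify the signer; whether to trust that signer remains the user's
decision.</p>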
<h2>Trust Preference Page</h2>
<p>The <a class="command-link" href=
'javascript:executeCommand("org.eclipse.ui.window.preferences(preferencePageId=org.eclipse.equinox.internal.p2.ui.sdk.scheduler.AutomaticUpdatesPreferencePage)")'>
<img src="PLUGINS_ROOT/org.eclipse.help/command_link.svg" alt="command link"> <strong>Install/Update &gt;
Trust</strong></a> preference page lists all the PGP public keys that are already considered trusted and lets you
add or remove keys.</p>
<h3 class="related">Related tasks</h3><a href="../tasks/tasks-120.htm">Updating the installation</a><br>
<a href="../tasks/tasks-124.htm">Installing new software</a>
<h3 class="related">Related reference</h3><a href="ref-61.htm">Help Menu</a>
</body>
</html>