[GSoC] Authentication framework progress

Heya Planet,
It’s been a while since my last post about my GSoC projetc and, since there is one week left before the suggested pencil down date, it’s time to summarize what I’ve done in these weeks.
First of all, I’m proud to announce that PlasMate now is able to sign the plasmoids made within it, and install/export them (plasmoid+signature) successfully; thanks a lot to Mark Mutz that helped me to find out where I was wrong šŸ˜‰
Now, about KNewStuff3: unfortunately, I discovered that signature upload/download wasn’t implemented yet1 , oppositely what I’ve been told. However, joining the #ghns channel and the open-collaboration-services mailing list, I met very enthusiastic and friendly people. We discussed a lot about exending the current protocol to support gpg signature and turned out that, in the current OCS draft, they already inserted a basical gpp specification. So we exchanged our opinions and informations, and finally the gpg signature support is well-defined!
But wait, there is even more! Talking with fregl, he told me that the authentication framework I’m building could be used inside KNewStuff3 to provide an authentication mechanism for _every_ package sent/received, instead of limit its use to plasmoids. I don’t know why I didn’t think about it from the beginning, because it’s really an awesome idea!
Think about it: you’ll be able to download plasmoids, plasma themes, kopete themes, new comics for your comic plasmoid, amarok plugins, and tons of other extensions for your favourite app, and you’ll be notified about their trust level at the same time šŸ˜€
This excited me so much that I modified the library again, introducing a new level of trust to give the user a finer control over the authentication mechanism, and I’ve also made available the possibility to specify a custom keystore when creating a new instance of the class, allowing to have different keyrings for different applications (however, I’m not still 100% convinced about this feature).
By the way, things are really evolving good!
See you the next week, I’m thinking about making a cool screencast about all this stuff šŸ˜‰


1: The mantainer explained his reasons, and he was totally right, because the only app that used gpg auth was Quanta, back in the old times; so he opted to keep a clean and compact api.ā†‘


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s