- From: nin-jin <notifications@github.com>
- Date: Thu, 02 Jan 2025 12:39:00 -0800
- To: w3c/ServiceWorker <ServiceWorker@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 2 January 2025 20:39:05 UTC
> We don't want to support this because it would mean a single successful attack on a server could compromise users for a long time. It may not be obvious to everyone, but the developer's private keys, which are used to sign updates, are not stored on the server. Therefore, in order to carry out such an attack, it is necessary to hack not only the server, but also to gain physical access to the private key storage, which most likely will not be connected to the Internet at all. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/ServiceWorker/issues/578#issuecomment-2568349199 You are receiving this because you are subscribed to this thread. Message ID: <w3c/ServiceWorker/issues/578/2568349199@github.com>
Received on Thursday, 2 January 2025 20:39:05 UTC