Skip to content

Decide if we want to do the verification in the website or in the add-ons menus

Since the extension is targeted at new users, a MitM or exploit on
our website could defeat any verification technique by providing
simplified instructions or by faking ISO verification.

To mitigate such
an attack in some cases we could both:

  • Encourage external documentation (screencasts on YouTube, printed
    forms, etc.). But those would be vulnerable to other kind of
    attacks…
  • Not rely on the website to perform the ISO verification (use the
    add-ons menu for example). But the UX will suffer from this…

Parent Task: #8564 (closed)

Original created by @sajolida on 8931 (Redmine)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information