I've been looking at how WP works here and
concluded this is
basically not
documented at all (from a developers perspective). On the WP
IRC nobody
seems to know anything about it, and my looking through the
code itself has
gotten me few insights into how updates and installation is
secured. If
anyone know more about this (esp what's up with the WP deployment
repository), please contact me, this would be of great help
for my GSoC
project.
Would it not be enough to hash all extensions on the distributor side, and
to check the hash sum on the client side using https for the connection?
Respectfully,
Ryan Lane