kicad-developers team mailing list archive

[Collin Anderson <metacollin@xxxxxxxxxxxx>]

Critical typo: the line "but it's not claiming ownership except if that specific binary - as in, their machine compiled it." should read "except of that specific binary", not "if".  Very much changes the meaning.  Whoops. 


> On Oct 7, 2015, at 5:16 AM, Collin Anderson <metacollin@xxxxxxxxxxxx> wrote:
> 
> Code signing is a pain, though having read the official apple docs, I'd interpret signing as taking responsibility rather than ownership.  This ultimately amounts to whose developer certificates get revoked if you're creating malware, so it's a non issue for KiCad.
> 
> I'd very much equate it to signing another person's key in gpg: the Wayne and Layne account is vouching for the validity of the code and binary build, and that it was built on a system with authenticated access to their keychain, but it's not claiming ownership except if that specific binary - as in, their machine compiled it.  There is no wider implication I would say.  
> 
> Adam, I found this guide very helpful, it gives a great example of integrating code signing into various build systems via a shell script, as well as what exactly needs signing:
> 
> http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/
> 
>> On Oct 6, 2015, at 5:26 PM, Adam Wolf <adamwolf@xxxxxxxxxxxxxxxxxxxx> wrote:
>> 
>> Thanks for the feedback.  I will take a look at signing with the Wayne and Layne account and will report back.  As long as it doesn't look like we are claiming ownership over KiCad I only want to think about this stuff so much--we all have important things to do :)
>> 
>> Adam Wolf
>> 
>>> On Oct 6, 2015 3:51 PM, "Wayne Stambaugh" <stambaughw@xxxxxxxxx> wrote:
>>> On 10/6/2015 12:43 PM, Nick Østergaard wrote:
>>> > 2015-10-06 16:14 GMT+02:00 Adam Wolf <adamwolf@xxxxxxxxxxxxxxxxxxxx>:
>>> >> Hi folks!
>>> >>
>>> >> OS X has this thing called Gatekeeper.  Applications that are downloaded off
>>> >> the internet fall under its "protection".  Systems have 3 settings for
>>> >> Gatekeeper:
>>> >>
>>> >> 1) Only allow applications distributed through the Mac App Store
>>> >> 2) Mac Store + Developer signed applications
>>> >> 3) Let anything run
>>> >>
>>> >> It is certainly beyond scope to distribute KiCad builds through the Mac App
>>> >> Store in the near future.  It is not necessarily beyond scope for me to set
>>> >> up package signing.  The main benefit we get is that users will no longer
>>> >> have to right click on KiCad the first time they open it in order to run the
>>> >> unsigned application, and our application appears a little more
>>> >> professional.
>>> >>
>>> >> Assuming the core team doesn't have philosophical objections to this, there
>>> >> are some organizational aspects.
>>> >>
>>> >> The application needs to be signed by a key we'd get from Apple.  There is
>>> >> likely a $99/yr fee per *developer account* for this.  We already have one
>>> >> at Wayne and Layne.  If we used ours to sign the KiCad builds, there would
>>> >> likely be a place where you'd be able to see our name on the builds, but we
>>> >> could probably get this going in a few days.
>>> >>
>>> >> Alternatively, we could get another developer account just for KiCad.  Wayne
>>> >> and Layne can cover the yearly fee.  The application process was actually
>>> >> kinda lengthy and involved some phone calls, but we can definitely do it.
>>> >
>>> > Personally I would not mind it to be signed by Wayne and Layne,
>>> > afterall you are donating resources to KiCad, so I don't mind seeing
>>> > your name on the certificate related information.
>>> 
>>> I'm not sure what signing entails on OSX but if it's like signing any
>>> other file with your GPG key, I don't see any problem with Wayne and
>>> Layne signing the KiCad OSX bundles.
>>> 
>>> >
>>> >> I haven't worked with this stuff intimately, actually, so the next step
>>> >> might be to:
>>> >>
>>> >> 1) confirm with the core team that this might be reasonable
>>> >> 2) I look into it more
>>> >>
>>> >> Thoughts?
>>> >>
>>> >> Adam Wolf
>>> >> Cofounder and Engineer
>>> >> Wayne and Layne
>>> >>
>>> >> _______________________________________________
>>> >> Mailing list: https://launchpad.net/~kicad-developers
>>> >> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
>>> >> Unsubscribe : https://launchpad.net/~kicad-developers
>>> >> More help   : https://help.launchpad.net/ListHelp
>>> >>
>>> >
>>> > _______________________________________________
>>> > Mailing list: https://launchpad.net/~kicad-developers
>>> > Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
>>> > Unsubscribe : https://launchpad.net/~kicad-developers
>>> > More help   : https://help.launchpad.net/ListHelp
>>> >
>>> 
>>> _______________________________________________
>>> Mailing list: https://launchpad.net/~kicad-developers
>>> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
>>> Unsubscribe : https://launchpad.net/~kicad-developers
>>> More help   : https://help.launchpad.net/ListHelp
>> _______________________________________________
>> Mailing list: https://launchpad.net/~kicad-developers
>> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~kicad-developers
>> More help   : https://help.launchpad.net/ListHelp
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp