kicad-developers team mailing list archive

[Adam Wolf <adamwolf@xxxxxxxxxxxxxxxxxxxx>]

Thanks.  I will dig in this weekend but this sounds like something I can
put on our nightlies shortly.

Adam Wolf
On Oct 7, 2015 6:26 AM, "Collin Anderson" <metacollin@xxxxxxxxxxxx> wrote:

> Critical typo: the line "but it's not claiming ownership except if that
> specific binary - as in, their machine compiled it." should read "except of
> that specific binary", not "if".  Very much changes the meaning.  Whoops.
>
>
> On Oct 7, 2015, at 5:16 AM, Collin Anderson <metacollin@xxxxxxxxxxxx>
> wrote:
>
> Code signing is a pain, though having read the official apple docs, I'd
> interpret signing as taking responsibility rather than ownership.  This
> ultimately amounts to whose developer certificates get revoked if you're
> creating malware, so it's a non issue for KiCad.
>
> I'd very much equate it to signing another person's key in gpg: the Wayne
> and Layne account is vouching for the validity of the code and binary
> build, and that it was built on a system with authenticated access to their
> keychain, but it's not claiming ownership except if that specific binary -
> as in, their machine compiled it.  There is no wider implication I would
> say.
>
> Adam, I found this guide very helpful, it gives a great example of
> integrating code signing into various build systems via a shell script, as
> well as what exactly needs signing:
>
>
> http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/
>
> On Oct 6, 2015, at 5:26 PM, Adam Wolf <adamwolf@xxxxxxxxxxxxxxxxxxxx>
> wrote:
>
> Thanks for the feedback.  I will take a look at signing with the Wayne and
> Layne account and will report back.  As long as it doesn't look like we are
> claiming ownership over KiCad I only want to think about this stuff so
> much--we all have important things to do :)
>
> Adam Wolf
> On Oct 6, 2015 3:51 PM, "Wayne Stambaugh" <stambaughw@xxxxxxxxx> wrote:
>
>> On 10/6/2015 12:43 PM, Nick Østergaard wrote:
>> > 2015-10-06 16:14 GMT+02:00 Adam Wolf <adamwolf@xxxxxxxxxxxxxxxxxxxx>:
>> >> Hi folks!
>> >>
>> >> OS X has this thing called Gatekeeper.  Applications that are
>> downloaded off
>> >> the internet fall under its "protection".  Systems have 3 settings for
>> >> Gatekeeper:
>> >>
>> >> 1) Only allow applications distributed through the Mac App Store
>> >> 2) Mac Store + Developer signed applications
>> >> 3) Let anything run
>> >>
>> >> It is certainly beyond scope to distribute KiCad builds through the
>> Mac App
>> >> Store in the near future.  It is not necessarily beyond scope for me
>> to set
>> >> up package signing.  The main benefit we get is that users will no
>> longer
>> >> have to right click on KiCad the first time they open it in order to
>> run the
>> >> unsigned application, and our application appears a little more
>> >> professional.
>> >>
>> >> Assuming the core team doesn't have philosophical objections to this,
>> there
>> >> are some organizational aspects.
>> >>
>> >> The application needs to be signed by a key we'd get from Apple.
>> There is
>> >> likely a $99/yr fee per *developer account* for this.  We already have
>> one
>> >> at Wayne and Layne.  If we used ours to sign the KiCad builds, there
>> would
>> >> likely be a place where you'd be able to see our name on the builds,
>> but we
>> >> could probably get this going in a few days.
>> >>
>> >> Alternatively, we could get another developer account just for KiCad.
>> Wayne
>> >> and Layne can cover the yearly fee.  The application process was
>> actually
>> >> kinda lengthy and involved some phone calls, but we can definitely do
>> it.
>> >
>> > Personally I would not mind it to be signed by Wayne and Layne,
>> > afterall you are donating resources to KiCad, so I don't mind seeing
>> > your name on the certificate related information.
>>
>> I'm not sure what signing entails on OSX but if it's like signing any
>> other file with your GPG key, I don't see any problem with Wayne and
>> Layne signing the KiCad OSX bundles.
>>
>> >
>> >> I haven't worked with this stuff intimately, actually, so the next step
>> >> might be to:
>> >>
>> >> 1) confirm with the core team that this might be reasonable
>> >> 2) I look into it more
>> >>
>> >> Thoughts?
>> >>
>> >> Adam Wolf
>> >> Cofounder and Engineer
>> >> Wayne and Layne
>> >>
>> >> _______________________________________________
>> >> Mailing list: https://launchpad.net/~kicad-developers
>> >> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
>> >> Unsubscribe : https://launchpad.net/~kicad-developers
>> >> More help   : https://help.launchpad.net/ListHelp
>> >>
>> >
>> > _______________________________________________
>> > Mailing list: https://launchpad.net/~kicad-developers
>> > Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
>> > Unsubscribe : https://launchpad.net/~kicad-developers
>> > More help   : https://help.launchpad.net/ListHelp
>> >
>>
>> _______________________________________________
>> Mailing list: https://launchpad.net/~kicad-developers
>> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~kicad-developers
>> More help   : https://help.launchpad.net/ListHelp
>>
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp
>
> _______________________________________________
> Mailing list: https://launchpad.net/~kicad-developers
> Post to     : kicad-developers@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~kicad-developers
> More help   : https://help.launchpad.net/ListHelp
>
>