ubuntu-appstore-developers team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

On 13-06-12 11:13 AM, Daniel Holbach wrote:
> Hello everybody,
> 
> there seems to have been broad agreement that we should developers
> install packages from outside the app store and it seems like 3 options
> were discussed of which one seems to be preferred (correct me if I'm wrong).
> 
> It'd be good if we could finalise the plans on this and track the work
> somewhere.
> 
> Thanks a lot everyone for contributing to this!
> 

FYI, the 3 options I discussed were the following:

1- Default Secure Mode: By default, device only installs packages which
match hash provided by app store signature.

2- Developer Mode: Developer can add his key to device using tethered
developer tool. If package doesn't match app store hash, the signature
on the package itself is checked against local developer key. (Perhaps
the number of developer keys on device is limited to prevent this being
used by third-party app stores, etc.)

3- Untrusted Mode: as on Android. User/Developer checks a box which
disables any hash/signature verification.

Marc.