← Back to team overview

ubuntu-appstore-developers team mailing list archive

Re: Letting developers install "3rd party" packages

 

On Wed, Jun 12, 2013 at 12:58 PM, Marc Deslauriers
<marc.deslauriers@xxxxxxxxxxxxx> wrote:
> On 13-06-12 12:26 PM, John Pugh wrote:
>> On Wed, Jun 12, 2013 at 11:30 AM, Marc Deslauriers
>> <marc.deslauriers@xxxxxxxxxxxxx> wrote:
>>> On 13-06-12 11:13 AM, Daniel Holbach wrote:
>>>> Hello everybody,
>>>>
>>>> there seems to have been broad agreement that we should developers
>>>> install packages from outside the app store and it seems like 3 options
>>>> were discussed of which one seems to be preferred (correct me if I'm wrong).
>>>>
>>>> It'd be good if we could finalise the plans on this and track the work
>>>> somewhere.
>>>>
>>>> Thanks a lot everyone for contributing to this!
>>>>
>>>
>>> FYI, the 3 options I discussed were the following:
>>>
>>> 1- Default Secure Mode: By default, device only installs packages which
>>> match hash provided by app store signature.
>>>
>>> 2- Developer Mode: Developer can add his key to device using tethered
>>> developer tool. If package doesn't match app store hash, the signature
>>> on the package itself is checked against local developer key. (Perhaps
>>> the number of developer keys on device is limited to prevent this being
>>> used by third-party app stores, etc.)
>>>
>>> 3- Untrusted Mode: as on Android. User/Developer checks a box which
>>> disables any hash/signature verification.
>>
>> While many will want #3, my layman's thinking would be that #2 is
>> acceptable provided there is a way for a user to put a app on their
>> device in some form or fashion which in my mind is a hybrid of #2 and
>> #3. Even if that means jumping through more hoops than a typical user
>> or developer would.
>
> Putting an untrusted app on your device is #3. In what way is it a hybrid?
>
> Marc.

Untrusted to you may not be untrusted to me. If I want to install
something, I will find a way. I was suggesting that it should be a
little more difficult than "click xx times on xx to enable developer
mode" and a little less daunting than rendering the device
"jailbroken". Developers need to test on real devices (since it's
currently the only way) and some users will want full control to do
what they please. A equal balance of the two is my suggestion.


Follow ups

References