ubuntu-appstore-developers team mailing list archive

Thread
Date

Changes to access control for click downloads

To: ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
From: James Westby <james.westby@xxxxxxxxxxxxx>
Date: Thu, 01 Aug 2013 17:21:25 -0400
User-agent: Notmuch/0.12 (http://notmuchmail.org) Emacs/23.3.1 (x86_64-pc-linux-gnu)

Hi,

We've just deployed a change to staging that alters the way that access
control for downloads is done. Previously the request was just checked
for valid credentials, but now SCA is also consulted to ensure that the
user is able to download the file. This is to keep unpublished files
secret, so that developers can launch when they are ready, and also one
of the pre-requisites to being able to sell click packages.

This shouldn't have much impact, but if you were testing with a file
that has had its entry in the SCA db deleted, you will no longer be able
to download it. Also, if the package isn't published, only the owner and
the reviewers will be able to download it.

It is still possible to oauth sign the request using either headers or a
query string.

Let me know if you have an problems that you think may be connected to
this change.

Thanks,

James

Follow ups

Re: Changes to access control for click downloads
From: Alejandro J. Cura, 2013-08-05