ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Signed Click packages

To: ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
From: Dave Morley <davmor@xxxxxxxxxxxxx>
Date: Thu, 08 Aug 2013 13:02:29 +0100
In-reply-to: <20130808110104.GT1245@riva.ucam.org>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> * Do we need a fancy UI for making decisions like "trust all
> packages from this signer", or is it acceptable for this to be
> something we document for enthusiasts for now?
> 

No fancy ui, a bit of backend work would cover this.  Have a counter
on the sig once the counter hits 3 for example have the system assume
you are happy with apps from this signature, have the counter reset if
an app with that signature is removed. ie you have become unhappy with
the apps signed by this dev.
- -- 
You make it, I'll break it!

I love my job :)
http://www.ubuntu.com
http://www.canonical.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlIDiNUACgkQT5xqyT+h3OjR9QCbB4N+Thy65DbivKZwgwYO7h11
aKkAoItgukYYfz0XPa49QMVdN8BwVDBQ
=rbMJ
-----END PGP SIGNATURE-----

References

Signed Click packages
From: Colin Watson, 2013-08-08