
ubuntu-appstore-developers team mailing list archive

Re: Signed Click packages


On 13-08-08 07:58 AM, Colin Watson wrote:
> On Thu, Aug 08, 2013 at 07:54:08AM -0400, Marc Deslauriers wrote:
>> On 13-08-08 07:01 AM, Colin Watson wrote:
>>> I won't write new crypto logic if I can possibly help it, so this is a
>>> big win even if the policy format isn't necessarily quite what I would
>>> have chosen.  I'll probably add some new commands to click to do signing
>>> and verification, but they'll just pass through to external commands.
>>
>> dpkg-sig only seems to handle SHA1 and MD5 though, which is unacceptable. We
>> need to change it to something better, like SHA512.
> 
> I didn't mention dpkg-sig, which seems to be an entirely different
> system from debsigs / debsig-verify.

Oh, wow, that's confusing. Sorry, I'll look into that.

>>>  * Do we need a fancy UI for making decisions like "trust all packages
>>>    from this signer", or is it acceptable for this to be something we
>>>    document for enthusiasts for now?
>>
>> I don't think it should have a fancy UI, as I don't think we want to have
>> websites telling people to play with those settings. It should be a
>> developer/debugging thing only, that will likely be only available once you've
>> unlocked the device.
> 
> What exactly is the technical meaning of "unlocked" for Ubuntu Touch?

At some point, for DRM reasons, we may have to lock down the device. This would
remove root access, and enable some sort of boot time verification, much like on
Android. Details are fuzzy at the moment, as the DRM requirements are still
unclear. "Unlocking" the device would probably mean putting the device in a
"developer" mode where DRM gets disabled, but root access is granted.

Marc.
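Added illustration (not part of the thread, and not code from click, dpkg-sig or
debsigs): the digest-strength point raised above, enforced when verifying a
package manifest. The manifest layout ("<algorithm> <hexdigest> <member>", one
line per archive member), the sample members and the WEAK_ALGORITHMS set are
assumptions made for the example; the real dpkg-sig and debsigs formats differ.
The signature over the manifest itself is out of scope here, matching the plan
above of passing signing and verification through to an external tool; the
example only shows that a verifier must refuse MD5/SHA-1 entries even when the
digest value happens to match, rather than silently accepting whatever
algorithm the manifest names.

```python
"""Added example: reject weak digest algorithms when checking a package manifest.

Assumed manifest format (not dpkg-sig's or debsigs'): one line per member,
'<algorithm> <hexdigest> <member-name>'. Sample members are constructed.
"""
import hashlib
import hmac

# Algorithms the verifier refuses outright, following the thread's position that
# MD5 and SHA-1 are unacceptable for package signing (assumed policy).
WEAK_ALGORITHMS = frozenset({"md5", "sha1"})

# Constructed stand-ins for the archive members of a package.
SAMPLE_MEMBERS = {
    "control.tar.gz": b"control archive bytes (constructed)",
    "data.tar.gz": b"data archive bytes (constructed)",
}


def digest(algorithm: str, data: bytes) -> str:
    """Hex digest of data under the named hashlib algorithm."""
    return hashlib.new(algorithm, data).hexdigest()


def build_manifest(members: dict, algorithm: str = "sha512") -> list:
    """Produce manifest lines for every member, sorted by name for determinism."""
    return [
        f"{algorithm} {digest(algorithm, data)} {name}"
        for name, data in sorted(members.items())
    ]


def verify_manifest(lines: list, members: dict) -> tuple:
    """Check manifest lines against the package members.

    Returns (ok, problems). A line using a weak algorithm is rejected before
    its digest is even compared, so a matching MD5/SHA-1 value buys nothing.
    Every member must be covered by an accepted line, and no line may name a
    member that is absent from the package.
    """
    problems = []
    covered = set()
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            problems.append(f"malformed manifest line: {line!r}")
            continue
        algorithm, expected, name = parts
        algorithm = algorithm.lower()
        if algorithm in WEAK_ALGORITHMS:
            problems.append(f"{name}: digest algorithm {algorithm} is not accepted")
            continue
        if algorithm not in hashlib.algorithms_available:
            problems.append(f"{name}: unknown digest algorithm {algorithm}")
            continue
        if name not in members:
            problems.append(f"{name}: listed in manifest but missing from package")
            continue
        actual = digest(algorithm, members[name])
        # Constant-time comparison of the hex strings.
        if not hmac.compare_digest(actual, expected.lower()):
            problems.append(f"{name}: {algorithm} digest mismatch")
            continue
        covered.add(name)
    for name in members:
        if name not in covered:
            problems.append(f"{name}: not covered by an accepted manifest line")
    return (not problems, problems)


if __name__ == "__main__":
    ok, problems = verify_manifest(build_manifest(SAMPLE_MEMBERS), SAMPLE_MEMBERS)
    print("sha512 manifest:", "ok" if ok else problems)
    ok, problems = verify_manifest(build_manifest(SAMPLE_MEMBERS, "sha1"), SAMPLE_MEMBERS)
    print("sha1 manifest:", "ok" if ok else problems)
```

A real verifier would additionally check the signature over the manifest lines
before trusting any of them; the point of the block is only that algorithm
policy belongs in the verifier, not in whatever the signer chose to write.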


