ubuntu-appstore-developers team mailing list archive
Message #00401
Re: Signed Click packages
On Thu, Aug 8, 2013 at 8:01 AM, Colin Watson <cjwatson@xxxxxxxxxx> wrote:
>
> * Does it matter if you need to be in developer mode to install new
> signature verification policies? (If this is unacceptable, we either
> need to make sure these directories are transparently on the data
> partition, or have debsig-verify look in alternate locations that
> are.)
>
> * Do we need a fancy UI for making decisions like "trust all packages
> from this signer", or is it acceptable for this to be something we
> document for enthusiasts for now?
I thought we wouldn't check the developer signatures on the clients,
but rather the store's signatures of the binary (which would include
the developer signature), so users decide whether they want to install
apps that have not gone through the store, not on a per-developer
basis.
Did that change or did I just totally make this up? :)
--
Martin