ubuntu-appstore-developers team mailing list archive
Message #00403
Re: Signed Click packages
On 13-08-08 08:36 AM, Martin Albisetti wrote:
> On Thu, Aug 8, 2013 at 8:01 AM, Colin Watson <cjwatson@xxxxxxxxxx> wrote:
>>
>> * Does it matter if you need to be in developer mode to install new
>> signature verification policies? (If this is unacceptable, we either
>> need to make sure these directories are transparently on the data
>> partition, or have debsig-verify look in alternate locations that
>> are.)
>>
>> * Do we need a fancy UI for making decisions like "trust all packages
>> from this signer", or is it acceptable for this to be something we
>> document for enthusiasts for now?
>
> I thought we wouldn't check the developer signatures on the clients,
> but rather the store's signatures of the binary (which would include
> the developer signature), so users decide whether they want to install
> apps that have not gone through the store, not on a per-developer
> basis.
> Did that change or did I just totally make this up? :)
>
Yes, we should just be checking the store's signatures. The developer signatures
are for a few other things:
1- Verify the package the developer uploaded on the server side to make sure it
came from them
2- Allow a developer to install his key onto his device in developer mode so he
can install his own applications without necessarily disabling all package security
3- In the future, allow enterprises to deploy in-house applications (Will
require some sort of authorization server to make sure this isn't abused)
4- In the future, allow developers to target certain users for beta testing
their application (This will either require some sort of authorization server to
make sure it can't be abused, or we simply allow developers to go through the
store for beta versions)
Perhaps some other things I can't think of right now.
Marc.
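The trust split described in this thread (the store verifies the developer's signature at upload time, the store then signs the package, and a device checks only the store's signature unless its owner has installed a developer key in developer mode) is modelled below as an added example. It is not code from the Click project, from debsig-verify, or from any of the thread's authors; it stands in for the real tooling with Ed25519 from Go's standard library, and the package bytes, the developer id `dev@example` and all keys are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SignedPackage is a constructed stand-in for a Click package plus its
// signature metadata. DevSig covers Payload; StoreSig covers StoreBody(),
// i.e. the payload together with the developer's key and signature, so the
// store signature "includes" the developer signature as the thread says.
type SignedPackage struct {
	Payload  []byte
	DevPub   ed25519.PublicKey
	DevSig   []byte
	StoreSig []byte // empty until the store has signed
}

// Registry maps a developer id to the public key the store has on file (hypothetical).
type Registry map[string]ed25519.PublicKey

// MustKey generates a fresh Ed25519 key pair for the demonstration.
func MustKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// DeveloperSign is what the developer does before uploading.
func DeveloperSign(priv ed25519.PrivateKey, payload []byte) SignedPackage {
	return SignedPackage{
		Payload: payload,
		DevPub:  priv.Public().(ed25519.PublicKey),
		DevSig:  ed25519.Sign(priv, payload),
	}
}

// StoreBody is the byte string the store signs. DevPub (32 bytes) and DevSig
// (64 bytes) are fixed length, so the concatenation is unambiguous.
func StoreBody(p SignedPackage) []byte {
	return bytes.Join([][]byte{p.Payload, p.DevPub, p.DevSig}, nil)
}

// StoreAcceptUpload is the server-side check (item 1 in the thread): the
// upload must carry a valid signature under the key registered for devID.
func StoreAcceptUpload(reg Registry, devID string, p SignedPackage) bool {
	pub, ok := reg[devID]
	if !ok || !bytes.Equal(pub, p.DevPub) {
		return false
	}
	return ed25519.Verify(pub, p.Payload, p.DevSig)
}

// StoreSign wraps the accepted upload in the store's own signature.
func StoreSign(storePriv ed25519.PrivateKey, p SignedPackage) SignedPackage {
	p.StoreSig = ed25519.Sign(storePriv, StoreBody(p))
	return p
}

// ClientPolicy is the device-side verification policy: one pinned store key,
// plus developer keys the owner installed while in developer mode (item 2).
type ClientPolicy struct {
	StorePub      ed25519.PublicKey
	DeveloperMode bool
	localDevKeys  []ed25519.PublicKey
}

// InstallDeveloperKey only has effect in developer mode, mirroring the
// thread's point that the policy directories are not writable otherwise.
func (c *ClientPolicy) InstallDeveloperKey(k ed25519.PublicKey) bool {
	if !c.DeveloperMode {
		return false
	}
	c.localDevKeys = append(c.localDevKeys, k)
	return true
}

// Allow reports whether the device will install p and why. A store signature
// is sufficient on its own; the developer signature is only consulted when
// the owner has explicitly trusted that developer's key.
func (c ClientPolicy) Allow(p SignedPackage) (bool, string) {
	if len(p.StoreSig) == ed25519.SignatureSize &&
		ed25519.Verify(c.StorePub, StoreBody(p), p.StoreSig) {
		return true, "store signature"
	}
	if c.DeveloperMode {
		for _, k := range c.localDevKeys {
			if bytes.Equal(k, p.DevPub) && ed25519.Verify(k, p.Payload, p.DevSig) {
				return true, "locally trusted developer key"
			}
		}
	}
	return false, "no acceptable signature"
}

func main() {
	devPub, devPriv := MustKey()
	storePub, storePriv := MustKey()
	pkg := DeveloperSign(devPriv, []byte("constructed click payload"))
	reg := Registry{"dev@example": devPub}
	fmt.Println("store accepts upload:", StoreAcceptUpload(reg, "dev@example", pkg))
	signed := StoreSign(storePriv, pkg)
	user := ClientPolicy{StorePub: storePub}
	fmt.Println(user.Allow(signed))
	fmt.Println(user.Allow(pkg)) // sideloaded, not store-signed
	dev := ClientPolicy{StorePub: storePub, DeveloperMode: true}
	dev.InstallDeveloperKey(devPub)
	fmt.Println(dev.Allow(pkg))
}
```

The example keeps the two trust decisions apart on purpose: a tampered upload is caught at the store (the developer signature no longer verifies), while on the device a package that never went through the store is rejected unless the owner has opted in to that specific developer's key, and an unrelated developer key does not help.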