ubuntu-appstore-developers team mailing list archive

Re: Signed Click packages

On Thu, Aug 08, 2013 at 09:36:23AM -0300, Martin Albisetti wrote:
> On Thu, Aug 8, 2013 at 8:01 AM, Colin Watson <cjwatson@xxxxxxxxxx> wrote:
> >  * Does it matter if you need to be in developer mode to install new
> >    signature verification policies?  (If this is unacceptable, we either
> >    need to make sure these directories are transparently on the data
> >    partition, or have debsig-verify look in alternate locations that
> >    are.)
> >
> >  * Do we need a fancy UI for making decisions like "trust all packages
> >    from this signer", or is it acceptable for this to be something we
> >    document for enthusiasts for now?
> 
> I thought we wouldn't check the developer signatures on the clients,
> but rather the store's signatures of the binary (which would include
> the developer signature), so users decide whether they want to install
> apps that have not gone through the store, not on a per-developer
> basis.
> Did that change or did I just totally make this up?  :)

TBH I don't much care what policies people choose to apply; I'm just
interested in making sure the basic facilities are available.

If we're having the store sign the binary, that's news to me.  It
would be possible, and it would basically amount to appending something
to the file; but I thought that the store developers were maxed out on
commitments already, and that we were going to be relying on transport
security.

I was considering this as an optional extra rather than something we'd
be relying on for core functionality.

-- 
Colin Watson                                       [cjwatson@xxxxxxxxxx]

