ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Signed Click packages

To: Colin Watson <cjwatson@xxxxxxxxxx>
From: Martin Albisetti <martin.albisetti@xxxxxxxxxxxxx>
Date: Thu, 8 Aug 2013 10:10:56 -0300
Cc: Ubuntu Appstore Developers <ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <20130808125535.GW1245@riva.ucam.org>

On Thu, Aug 8, 2013 at 9:55 AM, Colin Watson <cjwatson@xxxxxxxxxx> wrote:
>
> If we're having the store sign the binary, that's news to me.  It's
> would be possible, and it would basically amount to appending something
> to the file; but I thought that the store developers were maxed out on
> commitments already, and that we were going to be relying on transport
> security.

I'm now trying to remember where all this conversation happened, as it
was very clear in my head but clearly not too far beyond that.
The plan was to have the signature in the index metadata, not appended
to the file, so on download the client can verify it.

> I was considering this as an optional extra rather than something we'd
> be relying on for core functionality.

Yes, I think it's an optional thing for 13.10, but maybe we'll want to
make it a core functionality beyond that?

-- 
Martin

Follow ups

Re: Signed Click packages
From: James Tait, 2013-08-08
Re: Signed Click packages
From: Colin Watson, 2013-08-08

References

Signed Click packages
From: Colin Watson, 2013-08-08
Re: Signed Click packages
From: Martin Albisetti, 2013-08-08
Re: Signed Click packages
From: Colin Watson, 2013-08-08