ubuntu-appstore-developers team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

On 13-08-08 09:26 AM, Colin Watson wrote:
> On Thu, Aug 08, 2013 at 10:10:56AM -0300, Martin Albisetti wrote:
>> On Thu, Aug 8, 2013 at 9:55 AM, Colin Watson <cjwatson@xxxxxxxxxx> wrote:
>>> If we're having the store sign the binary, that's news to me.  It's
>>> would be possible, and it would basically amount to appending something
>>> to the file; but I thought that the store developers were maxed out on
>>> commitments already, and that we were going to be relying on transport
>>> security.
>>
>> I'm now trying to remember where all this conversation happened, as it
>> was very clear in my head but clearly not too far beyond that.
>> The plan was to have the signature in the index metadata, not appended
>> to the file, so on download the client can verify it.
> 
> This is no doubt possible but maybe we should revisit it.  I certainly
> don't think that the server should modify the control or data elements
> of the package, but appending a signature seems tolerable and it would
> mean we could use existing tools rather than having to write new ones.
> 

There's possibly two different approaches here:

1- We modify the package by adding an appstore signature to the package itself.

Advantage: uses existing tools
Disadvantage: We're altering the file that was uploaded by the app developer

2- We add an appstore package signature to the appstore metadata

Advantage: Application file remains intact
Disadvantage: requires some tooling

Marc.