ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Signed Click packages

To: ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
From: Colin Watson <cjwatson@xxxxxxxxxx>
Date: Thu, 8 Aug 2013 14:37:46 +0100
In-reply-to: <52039E42.40601@canonical.com>
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Aug 08, 2013 at 09:33:54AM -0400, Marc Deslauriers wrote:
> 1- Ship an appstore key on the device
> 2- server creates signature for uploaded packages, and stores with metadata that
> gets downloaded
> 3- package installer verifies package signature located in metadata with
> appstore key

That would either mean I couldn't use existing tools, or that I'd have
to extend them to support detached signatures.  Not necessarily
horrible, but it doesn't come quite as much for free.

-- 
Colin Watson                                       [cjwatson@xxxxxxxxxx]

References

Signed Click packages
From: Colin Watson, 2013-08-08
Re: Signed Click packages
From: Martin Albisetti, 2013-08-08
Re: Signed Click packages
From: Roberto Alsina, 2013-08-08
Re: Signed Click packages
From: Marc Deslauriers, 2013-08-08
Re: Signed Click packages
From: Martin Albisetti, 2013-08-08
Re: Signed Click packages
From: Marc Deslauriers, 2013-08-08