On 7 Aug 2014, at 2:52 am, Andy McKay <[email protected]> wrote:
>
> On Aug 1, 2014, at 2:34 AM, Stéphanie Ouillon <[email protected]> wrote:
>> For specific reasons detailed below [3], we need to support a signature
>> model compatible with the Android model [4]. Until now, the Marketplace
>> has been using the same tools/model.
>>
>> If we're to support developer signing, we can imagine several models:
>>
>> 1) handling multiple signatures: the app is signed twice, once by the
>> developer and once by the Marketplace (e.g.: having two manifest files
>> in META-INF signed by each key)
>
> Signing twice would seem to be the simplest, since it doesn’t need any trust
> between the Marketplace and the developer. The signing by the Marketplace
> indicates a different thing (Mozilla approves this app) from the Developer
> signing (that over a period of release we can trust the app is from the same
> developer).
>
> Would the Marketplace be expected to do anything with that developer signing
> - for example, check that the signing is by certain trusted developers, or
> stays the same over time or anything else?
Initially I don’t think it _needs_ to do anything at least initially, but yes I can imagine that we would want to enforce some security controls such as checking that the signature was valid before adding our signature. Perhaps associating a signature with an account so that developers can vouch for their content.

>
> Are there limits on the types of apps that could be signed, e.g.: only
> Packaged apps?

Yes, only static apps can be signed - i.e. only packaged apps. Signing dynamically generated content defeats the purpose of signing.

>
> Andy
>
>
>
_______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
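The double-signing model discussed in the thread (the developer signs first, the Marketplace validates that signature before adding its own), as an added Python sketch that is not Marketplace, Android or B2G tooling code: one JAR-style manifest of content digests under META-INF, with a separate signature file per signer. HMAC-SHA256 and the constant keys are stand-ins for the real public-key signatures and certificates; the file names under META-INF are assumptions.

```python
import hashlib
import hmac

# Constructed stand-in keys. In the real model the developer and the
# Marketplace each hold their own private key and publish a certificate;
# HMAC is used here only so the example runs with the standard library.
DEV_KEY = b"developer-signing-key (constructed)"
MKT_KEY = b"marketplace-signing-key (constructed)"

MANIFEST = "META-INF/MANIFEST.MF"        # digests of every packaged file
DEV_SIG = "META-INF/DEVELOPER.SIG"       # developer's signature over the manifest
MKT_SIG = "META-INF/MARKETPLACE.SIG"     # Marketplace's signature over the manifest

def content_entries(pkg):
    """A package is modelled as {path: bytes}; META-INF/ holds the signing data."""
    return {n: d for n, d in pkg.items() if not n.startswith("META-INF/")}

def build_manifest(pkg):
    """JAR-style manifest: a Name/SHA-256-Digest record per content file."""
    return "".join(
        f"Name: {n}\nSHA-256-Digest: {hashlib.sha256(d).hexdigest()}\n\n"
        for n, d in sorted(content_entries(pkg).items())
    ).encode()

def signature(key, data):
    return hmac.new(key, data, hashlib.sha256).hexdigest().encode()

def verify(pkg, key, sig_name):
    """Two checks: the manifest still matches the packaged files, and the
    named signature file is a valid signature over that manifest."""
    if MANIFEST not in pkg or sig_name not in pkg:
        return False
    if pkg[MANIFEST] != build_manifest(pkg):
        return False          # content changed after the manifest was written
    return hmac.compare_digest(pkg[sig_name], signature(key, pkg[MANIFEST]))

def developer_sign(pkg):
    """Step 1 (developer): write the manifest and sign it."""
    signed = dict(pkg)
    signed[MANIFEST] = build_manifest(pkg)
    signed[DEV_SIG] = signature(DEV_KEY, signed[MANIFEST])
    return signed

def marketplace_sign(pkg):
    """Step 2 (Marketplace): refuse to countersign unless the developer
    signature validates, then add the Marketplace signature alongside it."""
    if not verify(pkg, DEV_KEY, DEV_SIG):
        raise ValueError("developer signature missing or invalid; not countersigning")
    signed = dict(pkg)
    signed[MKT_SIG] = signature(MKT_KEY, pkg[MANIFEST])
    return signed

def check_installable(pkg):
    """A device would require both signatures to verify against the same manifest."""
    return verify(pkg, DEV_KEY, DEV_SIG) and verify(pkg, MKT_KEY, MKT_SIG)
```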
