Critical typo: the line "but it's not claiming ownership except if that specific binary - as in, their machine compiled it." should read "except of that specific binary", not "if". Very much changes the meaning. Whoops.
> On Oct 7, 2015, at 5:16 AM, Collin Anderson <[email protected]> wrote: > > Code signing is a pain, though having read the official apple docs, I'd > interpret signing as taking responsibility rather than ownership. This > ultimately amounts to whose developer certificates get revoked if you're > creating malware, so it's a non issue for KiCad. > > I'd very much equate it to signing another person's key in gpg: the Wayne and > Layne account is vouching for the validity of the code and binary build, and > that it was built on a system with authenticated access to their keychain, > but it's not claiming ownership except if that specific binary - as in, their > machine compiled it. There is no wider implication I would say. > > Adam, I found this guide very helpful, it gives a great example of > integrating code signing into various build systems via a shell script, as > well as what exactly needs signing: > > http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/ > >> On Oct 6, 2015, at 5:26 PM, Adam Wolf <[email protected]> wrote: >> >> Thanks for the feedback. I will take a look at signing with the Wayne and >> Layne account and will report back. As long as it doesn't look like we are >> claiming ownership over KiCad I only want to think about this stuff so >> much--we all have important things to do :) >> >> Adam Wolf >> >>> On Oct 6, 2015 3:51 PM, "Wayne Stambaugh" <[email protected]> wrote: >>> On 10/6/2015 12:43 PM, Nick Østergaard wrote: >>> > 2015-10-06 16:14 GMT+02:00 Adam Wolf <[email protected]>: >>> >> Hi folks! >>> >> >>> >> OS X has this thing called Gatekeeper. Applications that are downloaded >>> >> off >>> >> the internet fall under its "protection". Systems have 3 settings for >>> >> Gatekeeper: >>> >> >>> >> 1) Only allow applications distributed through the Mac App Store >>> >> 2) Mac Store + Developer signed applications >>> >> 3) Let anything run >>> >> >>> >> It is certainly beyond scope to distribute KiCad builds through the Mac >>> >> App >>> >> Store in the near future. It is not necessarily beyond scope for me to >>> >> set >>> >> up package signing. The main benefit we get is that users will no longer >>> >> have to right click on KiCad the first time they open it in order to run >>> >> the >>> >> unsigned application, and our application appears a little more >>> >> professional. >>> >> >>> >> Assuming the core team doesn't have philosophical objections to this, >>> >> there >>> >> are some organizational aspects. >>> >> >>> >> The application needs to be signed by a key we'd get from Apple. There >>> >> is >>> >> likely a $99/yr fee per *developer account* for this. We already have >>> >> one >>> >> at Wayne and Layne. If we used ours to sign the KiCad builds, there >>> >> would >>> >> likely be a place where you'd be able to see our name on the builds, but >>> >> we >>> >> could probably get this going in a few days. >>> >> >>> >> Alternatively, we could get another developer account just for KiCad. >>> >> Wayne >>> >> and Layne can cover the yearly fee. The application process was actually >>> >> kinda lengthy and involved some phone calls, but we can definitely do it. >>> > >>> > Personally I would not mind it to be signed by Wayne and Layne, >>> > afterall you are donating resources to KiCad, so I don't mind seeing >>> > your name on the certificate related information. >>> >>> I'm not sure what signing entails on OSX but if it's like signing any >>> other file with your GPG key, I don't see any problem with Wayne and >>> Layne signing the KiCad OSX bundles. >>> >>> > >>> >> I haven't worked with this stuff intimately, actually, so the next step >>> >> might be to: >>> >> >>> >> 1) confirm with the core team that this might be reasonable >>> >> 2) I look into it more >>> >> >>> >> Thoughts? >>> >> >>> >> Adam Wolf >>> >> Cofounder and Engineer >>> >> Wayne and Layne >>> >> >>> >> _______________________________________________ >>> >> Mailing list: https://launchpad.net/~kicad-developers >>> >> Post to : [email protected] >>> >> Unsubscribe : https://launchpad.net/~kicad-developers >>> >> More help : https://help.launchpad.net/ListHelp >>> >> >>> > >>> > _______________________________________________ >>> > Mailing list: https://launchpad.net/~kicad-developers >>> > Post to : [email protected] >>> > Unsubscribe : https://launchpad.net/~kicad-developers >>> > More help : https://help.launchpad.net/ListHelp >>> > >>> >>> _______________________________________________ >>> Mailing list: https://launchpad.net/~kicad-developers >>> Post to : [email protected] >>> Unsubscribe : https://launchpad.net/~kicad-developers >>> More help : https://help.launchpad.net/ListHelp >> _______________________________________________ >> Mailing list: https://launchpad.net/~kicad-developers >> Post to : [email protected] >> Unsubscribe : https://launchpad.net/~kicad-developers >> More help : https://help.launchpad.net/ListHelp > _______________________________________________ > Mailing list: https://launchpad.net/~kicad-developers > Post to : [email protected] > Unsubscribe : https://launchpad.net/~kicad-developers > More help : https://help.launchpad.net/ListHelp
_______________________________________________ Mailing list: https://launchpad.net/~kicad-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~kicad-developers More help : https://help.launchpad.net/ListHelp
