Thanks. I will dig in this weekend but this sounds like something I can put on our nightlies shortly.
Adam Wolf

On Oct 7, 2015 6:26 AM, "Collin Anderson" <[email protected]> wrote:

> Critical typo: the line "but it's not claiming ownership except if that
> specific binary - as in, their machine compiled it." should read "except of
> that specific binary", not "if". Very much changes the meaning. Whoops.
>
> On Oct 7, 2015, at 5:16 AM, Collin Anderson <[email protected]> wrote:
>
> Code signing is a pain, though having read the official apple docs, I'd
> interpret signing as taking responsibility rather than ownership. This
> ultimately amounts to whose developer certificates get revoked if you're
> creating malware, so it's a non issue for KiCad.
>
> I'd very much equate it to signing another person's key in gpg: the Wayne
> and Layne account is vouching for the validity of the code and binary
> build, and that it was built on a system with authenticated access to their
> keychain, but it's not claiming ownership except if that specific binary -
> as in, their machine compiled it. There is no wider implication I would
> say.
>
> Adam, I found this guide very helpful, it gives a great example of
> integrating code signing into various build systems via a shell script, as
> well as what exactly needs signing:
>
> http://successfulsoftware.net/2012/08/30/how-to-sign-your-mac-os-x-app-for-gatekeeper/
>
> On Oct 6, 2015, at 5:26 PM, Adam Wolf <[email protected]> wrote:
>
> Thanks for the feedback. I will take a look at signing with the Wayne and
> Layne account and will report back. As long as it doesn't look like we are
> claiming ownership over KiCad I only want to think about this stuff so
> much--we all have important things to do :)
>
> Adam Wolf
>
> On Oct 6, 2015 3:51 PM, "Wayne Stambaugh" <[email protected]> wrote:
>
>> On 10/6/2015 12:43 PM, Nick Østergaard wrote:
>> > 2015-10-06 16:14 GMT+02:00 Adam Wolf <[email protected]>:
>> >> Hi folks!
>> >>
>> >> OS X has this thing called Gatekeeper. Applications that are downloaded off
>> >> the internet fall under its "protection". Systems have 3 settings for
>> >> Gatekeeper:
>> >>
>> >> 1) Only allow applications distributed through the Mac App Store
>> >> 2) Mac Store + Developer signed applications
>> >> 3) Let anything run
>> >>
>> >> It is certainly beyond scope to distribute KiCad builds through the Mac App
>> >> Store in the near future. It is not necessarily beyond scope for me to set
>> >> up package signing. The main benefit we get is that users will no longer
>> >> have to right click on KiCad the first time they open it in order to run the
>> >> unsigned application, and our application appears a little more
>> >> professional.
>> >>
>> >> Assuming the core team doesn't have philosophical objections to this, there
>> >> are some organizational aspects.
>> >>
>> >> The application needs to be signed by a key we'd get from Apple. There is
>> >> likely a $99/yr fee per *developer account* for this. We already have one
>> >> at Wayne and Layne. If we used ours to sign the KiCad builds, there would
>> >> likely be a place where you'd be able to see our name on the builds, but we
>> >> could probably get this going in a few days.
>> >>
>> >> Alternatively, we could get another developer account just for KiCad. Wayne
>> >> and Layne can cover the yearly fee. The application process was actually
>> >> kinda lengthy and involved some phone calls, but we can definitely do it.
>> >
>> > Personally I would not mind it to be signed by Wayne and Layne,
>> > after all you are donating resources to KiCad, so I don't mind seeing
>> > your name on the certificate related information.
>>
>> I'm not sure what signing entails on OSX but if it's like signing any
>> other file with your GPG key, I don't see any problem with Wayne and
>> Layne signing the KiCad OSX bundles.
>>
>> >
>> >> I haven't worked with this stuff intimately, actually, so the next step
>> >> might be to:
>> >>
>> >> 1) confirm with the core team that this might be reasonable
>> >> 2) I look into it more
>> >>
>> >> Thoughts?
>> >>
>> >> Adam Wolf
>> >> Cofounder and Engineer
>> >> Wayne and Layne

_______________________________________________
Mailing list: https://launchpad.net/~kicad-developers
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~kicad-developers
More help   : https://help.launchpad.net/ListHelp

