On Thu, Aug 08, 2013 at 07:54:08AM -0400, Marc Deslauriers wrote: > On 13-08-08 07:01 AM, Colin Watson wrote: > > I won't write new crypto logic if I can possibly help it, so this is a > > big win even if the policy format isn't necessarily quite what I would > > have chosen. I'll probably add some new commands to click to do signing > > and verification, but they'll just pass through to external commands. > > dpkg-sig only seems to handle SHA1 and MD5 though, which is unacceptable. We > need to change it to something better, like SHA512.
I didn't mention dpkg-sig, which seems to be an entirely different system from debsigs / debsig-verify. > > This does leave a couple of questions: > > > > * Does it matter if you need to be in developer mode to install new > > signature verification policies? (If this is unacceptable, we either > > need to make sure these directories are transparently on the data > > partition, or have debsig-verify look in alternate locations that > > are.) > > By 'developer mode', we're talking about opting out of the image-based > updates, > right? We should probably find a better name for that, it's pretty confusing > :) Right. > I think app developers would probably want to remain in image-based updates > mode, to be able to actually test their apps in the same environment as the > shipping devices. Mm. OK. > > * Do we need a fancy UI for making decisions like "trust all packages > > from this signer", or is it acceptable for this to be something we > > document for enthusiasts for now? > > I don't think it should have a fancy UI, as I don't think we want to have > websites telling people to play with those settings. It should be a > developer/debugging thing only, that will likely be only available once you've > unlocked the device. What exactly is the technical meaning of "unlocked" for Ubuntu Touch? -- Colin Watson [[email protected]] -- Mailing list: https://launchpad.net/~ubuntu-appstore-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers More help : https://help.launchpad.net/ListHelp
