On 13-08-08 08:39 AM, Roberto Alsina wrote: > Also, there is no plan whatsoever to display package signing errors because (I > remember this too ;-) the signature would only be checked on upload, and then > we'd trust that we are getting the packages securely via HTTPS.
I don't think HTTPS is enough to be secure. We need to sign the package checksum with some sort of store key. Marc. -- Mailing list: https://launchpad.net/~ubuntu-appstore-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~ubuntu-appstore-developers More help : https://help.launchpad.net/ListHelp
