Development workflows for signed code?
Development workflows for signed code?
- Subject: Development workflows for signed code?
- From: Jack Repenning <email@hidden>
- Date: Mon, 8 Dec 2008 20:12:19 -0800
I'm just dipping my toes into the world of signed code. After spending
some time with the Code Signing guide, I'm still not clear on how this
affects the work flows around my product (SCPlugin, http://scplugin.tigris.org
, which adds Subversion capabilities to Finder), partly because of
some peculiarities it has:
- It's a Finder plugin, not an app
- It's open-source, so the developers don't work for the same
company, and I need to make it very easy for developers to start
- Many devs work on Tiger, where codesign is not available (release
happens from Leopard)
I think I know how to generate "identities" and sign the plugin
bundle. I see claims that self-signed certs are good enough for
developers. What I'm not clear on, primarily, is what are the effects
of mixing up copies of the same bundle signed with different
identities? Will there be pop-ups that mention the certifying
identity, for instance? Will there be difficulties installing one
version over another (where the signing identity changes)?
My experiments so far seem to show that none of those things happens.
In fact, even if I modify one of the files, so that "codesign -v" no
longer likes the bundle, it still seems to work. Is "codesign -v" the
only (Leopard) thing that cares about all this?
-==-
Jack Repenning
email@hidden
Project Owner
SCPlugin
http://scplugin.tigris.org
"Subversion for the rest of OS X"
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden