Re: Development workflows for signed code?
Re: Development workflows for signed code?
- Subject: Re: Development workflows for signed code?
- From: Jean-Daniel Dupas <email@hidden>
- Date: Tue, 9 Dec 2008 14:45:02 +0100
Le 9 déc. 08 à 05:12, Jack Repenning a écrit :
I'm just dipping my toes into the world of signed code. After
spending some time with the Code Signing guide, I'm still not clear
on how this affects the work flows around my product (SCPlugin, http://scplugin.tigris.org
, which adds Subversion capabilities to Finder), partly because of
some peculiarities it has:
- It's a Finder plugin, not an app
- It's open-source, so the developers don't work for the same
company, and I need to make it very easy for developers to start
- Many devs work on Tiger, where codesign is not available (release
happens from Leopard)
I think I know how to generate "identities" and sign the plugin
bundle. I see claims that self-signed certs are good enough for
developers. What I'm not clear on, primarily, is what are the
effects of mixing up copies of the same bundle signed with different
identities? Will there be pop-ups that mention the certifying
identity, for instance? Will there be difficulties installing one
version over another (where the signing identity changes)?
My experiments so far seem to show that none of those things
happens. In fact, even if I modify one of the files, so that
"codesign -v" no longer likes the bundle, it still seems to work. Is
"codesign -v" the only (Leopard) thing that cares about all this?
Have a look at this technote. There is a lot of answers in it, for
example, the list of technologies that rely on code signing in Leopard.
http://developer.apple.com/technotes/tn2007/tn2206.html
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden