What is the suggested method for signing RPM and/or DEB packages

What is the suggested method for signing RPM and/or DEB packages

Usually an rpm or a deb package are signed. Is it already decided what the signing process will be? * Do we sign with our own key? * Is the package signed by Intel when it is placed in the app store? * If we use our own key then what will happen when the user installs the package? Will there be a popup in case of an unknown signature?
5 posts / 0 new
Last post
For more complete information about compiler optimizations, see our Optimization Notice.

Kees,

That is a great question, as it does not seem to be addressed in any of the documentation. Because the Moblin ApppUp Beta has not been released yet there are many unknowns. I can however parallel it with Windows development in the AppUp Beta; Windows MSIi installers are not required to be signed, nor are they signed by Intel.

Hi Brian,

Let's keep this issue on the "to be checked later" list. If the package is installed without user interaction then it may not be a real problem. But still, the package remains "untrusted".

Sounds good. I would recommend you refresh http://www.intel.com/Consumer/Products/appup.htm often, as things happen fast around here sometimes.

>> Usually an rpm or a deb package are signed. Is it already decided what the signing process will be?

since there is no mention of signing; one would probably assume that the intel tool will perform the signing post-developer submission. intel will be responsible for distributing the binaries; so it would be natural that they sign it - as you mentioned as part of item number two.

// Aaron Ardiri
Mobile 1UP
http://www.mobile1up.com/

Leave a Comment

Please sign in to add a comment. Not a member? Join today