incubator-flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Justin Mclean <>
Subject Re: [MENTOR] InstallApacheFlex AIR app related questions
Date Wed, 18 Jul 2012 03:18:30 GMT

> The recommendation is to sign this binary convenience package in the same way as the
binary packages are signed - as pgp detached signature. You can follow the digital signing
discussions on infrastructure-dev in either the archives or by joining the list.

As AIR app include their own signing process wouldn't it be simpler to just sign the application
once rather than twice? If we only sign the package as above we may want to consider the warning
message (basically states that the application is from an unknown and untrusted source) that
is shown when an AIR app is installed for the first time - the normal Apache signing process
won't change this warning.

View raw message