incubator-flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clint Modien <cmod...@gmail.com>
Subject Re: [MENTOR] How to handle Air app signing certificate
Date Wed, 15 Aug 2012 21:25:06 GMT
Anyone could sign code with the cert if they know/crack the password for the private key.

I would keep all certs out of the repo in the interest of security and keep them in a safe
place and only grant access to people who create distribution packages.

If you're doing dev… you can generate your own cert.

On Aug 15, 2012, at 1:05 PM, Om wrote:

>> 
>> I fixed all the issues identified by the RAT check except certificate.p12.
>> That's a binary file and I don't think it can go in the source
>> distribution.
>> 
>> I'll leave that to Om and/or Erik to figure out.
>> 
>> 
> It makes sense for any developer who wants to work on it to create their
> own certificate.  Flash Builder makes it very seamless.
> 
> But, what about official releases?  We need to have and maintain one
> certificate so that the app upgrades on client's machines go smoothly.
> 
> .p12 files can be created, modified etc. using a variety of tools like
> Flash Builder, OpenSSL, etc.  Can we make an exception for p12 files and
> keep it in the source?
> 
> Thanks,
> Om


Mime
View raw message