- From: John Lyle <john.lyle@cs.ox.ac.uk>
- Date: Tue, 02 Apr 2013 18:49:56 +0100
- To: public-sysapps@w3.org
On 02/04/13 18:04, Marcos Caceres wrote: >> > It might be that it's mostly been a tooling issue. Signing is not >> >something you would normally do by hand, so it's always tool-leveraged. >> >It's therefore possible that my experience (and, I'm sure, that of >> >others) stems from the tools being terrible; and it might therefore be >> >possible to have non-horrible tools for this. > There have been some ok tools made… Yahoo widgets had a nice drag-drop-click-done one. But that's only a small part of the "experience"… for WAC, getting a certificate was a huge week long experience full of joy. Having to send personally identifying information, pay a bunch of money, manually sign some kind of contract, wait, fix whatever you screwed up, etc. Yes, it tends to be the process of getting certificates that causes problems. I do agree, though, that many of the tools for signing are pretty bad. On a more positive note, the existence of nearly a million signed Android apps suggests that, while onerous, the addition of an author signature isn't a show stopper on its own. Assuming, of course, that there's a big enough incentive for developers to bother trying and no easier alternative. Whether those signing keys are well protected and serve a useful purpose is a completely different question... John
Received on Tuesday, 2 April 2013 17:50:11 UTC