- From: Marcos Caceres <w3c@marcosc.com>
- Date: Tue, 2 Apr 2013 19:16:02 +0100
- To: John Lyle <john.lyle@cs.ox.ac.uk>
- Cc: public-sysapps@w3.org
On Tuesday, 2 April 2013 at 18:49, John Lyle wrote: > On 02/04/13 18:04, Marcos Caceres wrote: > > > > It might be that it's mostly been a tooling issue. Signing is not > > > > something you would normally do by hand, so it's always tool-leveraged. > > > > It's therefore possible that my experience (and, I'm sure, that of > > > > others) stems from the tools being terrible; and it might therefore be > > > > possible to have non-horrible tools for this. > > > > > > > > > There have been some ok tools made… Yahoo widgets had a nice drag-drop-click-done one. But that's only a small part of the "experience"… for WAC, getting a certificate was a huge week long experience full of joy. Having to send personally identifying information, pay a bunch of money, manually sign some kind of contract, wait, fix whatever you screwed up, etc. > > Yes, it tends to be the process of getting certificates that causes > problems. I do agree, though, that many of the tools for signing are > pretty bad. > > On a more positive note, the existence of nearly a million signed > Android apps suggests that, while onerous, the addition of an author > signature isn't a show stopper on its own. Absolutely. Also just had a look at the Chrome Extension one, and it's also three clicks… as long as you have the .pem already generated. There is also the google developer dashboard, but I haven't had a chance to play with it (though I did pay my 5 bucks). > Assuming, of course, that > there's a big enough incentive for developers to bother trying and no > easier alternative. Whether those signing keys are well protected and > serve a useful purpose is a completely different question… Agreed. I raise it because I know how problematic all solutions are and the required infrastructure can make implementing these solutions practically impossible for anyone but really large organisations - that might not be an issue, but something to consider. -- Marcos Caceres http://datadriven.com.au
Received on Tuesday, 2 April 2013 18:16:33 UTC