On Fri, Apr 15, 2016 at 8:40 AM, Dennis Gilmore <dennis@xxxxxxxx> wrote: > On Thursday, April 14, 2016 4:57:31 PM CDT Chris Murphy wrote: >> On Thu, Apr 14, 2016 at 1:56 PM, Dennis Gilmore <dennis@xxxxxxxx> wrote: >> > On Thursday, April 14, 2016 3:33:46 PM CDT Bastien Nocera wrote: >> >> ----- Original Message ----- >> >> >> >> > From the workstation meeting notes apr.13 >> >> > >> >> > 14:06:46 <sesivany> Python2 PyQt doesn't seem to be well maintained on >> >> > Mac and Martin has not been able to build a single installation file >> >> > which is what mac users expect. >> >> > >> >> > What's meant by "single installation file"? >> >> > >> >> > If Fedora Media Writer on OS X will be a self-contained .app >> >> > (directory of all resources, the .app extension makes it appear as a >> >> > single file to the user) then there are multiple ways to deliver that. >> >> > It can be tar.gz, zip, or dmg. User double clicks, then drags the >> >> > application to /Applications or ~/Applications or can even run the >> >> > program from ~/Downloads if they want. If it's not signed, by default >> >> > they get a message and have to go elsewhere to allow it to launch but >> >> > that's fairly well understood at this point by most users. >> >> >> >> Can't Red Hat pay the $100 bucks to have a developer account and >> >> have it signed? >> >> >> >> I'm pretty sure we have some people with developer accounts internally >> >> as well, and it would be better to make it as easy as possible to use. >> >> -- >> >> desktop mailing list >> >> desktop@xxxxxxxxxxxxxxxxxxxxxxx >> >> http://lists.fedoraproject.org/admin/lists/desktop@xxxxxxxxxxxxxxxxxxxxxx >> >> g >> > >> > We will only be shipping code that is signed. >> >> https://developer.apple.com/library/mac/documentation/IDEs/Conceptual/AppDis >> tributionGuide/DistributingApplicationsOutside/DistributingApplicationsOutsi >> de.html >> >> As far as I can tell, such code signing applications or installer >> packages is only possible in XCode, and XCode only runs on OS X, and >> to get a Developer ID certificate requires belonging to the Apple >> Developer Program, which requires agreeing to a EULA. If Red Hat is >> already a Apple Developer Enterprise Program member, great. If not, >> I'd advise any Fedora developer ask Fedora legal to review that EULA >> before they agree to it. > > > https://www.digicert.com/code-signing/mac-os-codesign-tool.htm says we need a > cert and use their codesign tool Nope. I don't even know the point of that service or tool, especially seeing as it references a 17 year old OS. "If you try to open an app that is not registered with Apple by an identified developer you get a warning dialog." https://support.apple.com/kb/PH21769?locale=en_US Slightly older version of the warning dialog the user sees: http://windows.intowindows.netdna-cdn.com/wp-content/uploads/2014/05/cant-be-opened-because-it-is-from-an-unidentified-developer.png If you want to get past Gatekeeper, your application has to be signed within the Apple ecosystem. If you want it signed by some 3rd party, then it'll still get flagged by the OS, and then the user is on their own when it comes to verifying that signature. -- Chris Murphy -- desktop mailing list desktop@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/desktop@xxxxxxxxxxxxxxxxxxxxxxx
