Fwd: Signing keys for commercial app stores

Simon Redman simon at ergotech.com
Mon Jun 10 19:32:49 BST 2019 

KDE Connect GSoC students: here is some potentially helpful information
to you for thinking about posting to commercial app stores. Make sure to
subscribe to kde-devel if you are not already, so that any more of this
conversation can take place there

Thanks,
Simon


-------- Forwarded Message --------
Subject: 	Re: Signing keys for commercial app stores
Date: 	Mon, 10 Jun 2019 21:35:13 +1200
From: 	Ben Cooksley <bcooksley at kde.org>
Reply-To: 	kde-devel at kde.org
To: 	kde-devel <kde-devel at kde.org>



On Mon, Jun 10, 2019 at 2:03 PM Simon Redman <simon at ergotech.com> wrote:
> Hello,

Hi Simon,

> I am Simon, and I work on KDE Connect. This summer, KDE Connect has two
> excellent GSoC students, one working on a MacOS port and one working on
> a Windows port, with the end goal of bringing those ports to feature
> pairity with our Linux version and doing an official release.
>
> While we could just post our releases to some X.kde.org website and
> distribute unsigned binaries, this would not reach as many users as
> having them properly signed and released via the offical MacOS and
> Windows app stores.
>
> Does anyone have experience with:
> A. Windows App Store Releases
> B. MacOS App Store Release
>

While i'm not 100% familiar with things, for Windows releases at least
we already have substantial tooling and infrastructure in place for
this.

The Binary Factory (binary-factory.kde.org) is capable of generating
both regular signed Windows installers, as well as Windows appx
bundles for uploading to the Windows Store. The KDE e.V. also operates
an official presence (as such) on the Windows which Sysadmin governs
control of.

To get started with these, i'd suggest your Windows student work on
the Craft packaging for KStars. Once that is in place we can look into
delegating access to the Windows Store to one of the KStars team to
allow you to submit KStars there (along with updates as needed)

With regards to MacOS, due to how Apple manages this we have no
official option for signing or making releases on the Apple Store at
this time.

Given that an Apple Developer ID is required at minimum for signing
applications, and with an impending change to require applications be
notarised by Apple in future versions of MacOS (will be enforced from
Catalina onwards), it is unlikely we'll be making a change to this (as
there is no benefit to us having the Binary Factory sign apps when
they need to be notaised for users to run them without having to jump
through hoops - we may as well ship them unsigned).

> Thanks,
> Simon

Regards,
Ben
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kdeconnect/attachments/20190610/54b94fe0/attachment.html>

More information about the KDEConnect mailing list