|
Rockbox mail archiveSubject: RE: Providing Android buildsRE: Providing Android builds
From: Alexandros Schillings <aschillings.lists_at_gmail.com>
Date: Fri, 1 Jul 2011 15:05:27 +0100 There are a couple of issues here. 1. If you are planning to get users to update the application without un-installing, you will need to keep using the same key for every release. Otherwise users will receive signature errors and they will be forced to uninstall/re-install and re-enter any settings. Every debug key is unique (a new one is created per user per Android SDK installation), so all developers in the project who can post final release APKs will need to use the same one. Key expiry on the other hand is not an issue as you can create your own debug key and set the expiry date (disclaimer, its my blog): http://alt236.blogspot.com/2011/06/fixing-error-getting-final-archive.html 2. If you are planning to release the application in the Market, you will need a proper key. Creating and signing an application with a proper key is quite easy ( http://developer.android.com/guide/publishing/app-signing.html). The program to create the key comes with the JDK and signing an application for release is essentially a right-click action in Eclipse. Either way, the people who can do the final "release" compilation will have to sign with a single key which is distributed to each one of them. If the signing key (be it debug or release) is lost/compromised and a new key has to be generated, Android (and the Market) will treat the newly signed application as a completely different app forcing the user to uninstall the previous version. In the market's case you will also need to change the package name and probably unpublish the existing app. Essentially, the differences between a debug and an actual key are 1. You need a proper key to publish in the market 2. A proper key will make users more confident that they are using a proper rockbox release. The headaches of key management remain more-or-less the same either way. Alex The main question would be if you are planning to release the builds in the market. > From: Jonas Häggqvist <rasher_at_rasher.dk<rasher_at_rasher.dk?Subject=Re:%20Providing%20Android%20builds>> > > Date: Thu, 30 Jun 2011 20:28:43 +0200 > > For quite a while now, the Android builds have been perfectly usable, so > what would it take to provide builds for people to download? > > The main issue with providing builds (aside from adapting the build > system, which seems to be in place now), is the question of signing. > > Android lets you sign using a debug key, which provides no real security > and will expire every 6 months, afaiu. Providing builds, signed with such > a key, I think, would be fairly straight forward. > > On the other hand, doing signing with a real key would be more proper, but > probably also more complicated for whoever has to implement it? > > So my question is, what do we want to do? > > Is there opposition to providing debug signed builds until properly signed > builds can be available? > > Did I miss anything? Talk rubbish? Please correct me, I'm going by a vague > understanding of the situation. > > -- > Jonas Häggqvist > rasher(at)rasher(dot)dk > > Received on 2011-07-01 Page template was last modified "Tue Sep 7 00:00:02 2021" The Rockbox Crew -- Privacy Policy |