#msdyn365bc code signing question: Could I get a trusted signing account and sign app files on behalf of my clients? In other words, does the app file have to be signed by the actual publisher or does it simply need to have any digital signature? - ThreadSky

About ThreadSky

rimmelzwaan.bsky.social • 45 days ago

#msdyn365bc code signing question: Could I get a trusted signing account and sign app files on behalf of my clients? In other words, does the app file have to be signed by the actual publisher or does it simply need to have any digital signature?

Comments

mvendert.bsky.social•44 days ago

You vouch for the app, by signing it. If you write or review the code, no problem. If it's doing something malicious, it's you, the signer, I will blame.

rimmelzwaan.bsky.social•44 days ago

thanks for throwing in 'malicious' and 'blame' while pointing at me, that feels really good

phenno.bsky.social•45 days ago

Afaik, it only has to be signed, but I can't recall where did I get that information...

rimmelzwaan.bsky.social•44 days ago

I know someone who claims they submitted apps to AppSource signed by someone else, and I believe the claim. Just looking for confirmation that this would be an acceptable practice

arthurvdv.bsky.social•44 days ago

I'm quite sure it isn't changed from what @hougaard.bsky.social has mentioned in his video, that it's only verified that the App is signed, but not who signed the App file.

https://youtu.be/DgMsLLBRN0E?feature=shared&t=385

hougaard.bsky.social•44 days ago

This is still the case. There's no link between the publisher and the code sign certificate.

Posting Rules

Be respectful to others
No spam or self-promotion
Stay on topic
Follow Bluesky's terms of service

Comments

Posting Rules

Reply