[guardian-dev] ChatSecure v12 RC2 (12.6.3)
Abel Luck
abel at guardianproject.info
Wed Oct 16 16:55:45 EDT 2013
Dev Random:
> On 10/16/2013 12:56 PM, Hans-Christoph Steiner wrote:
>>
>> On 10/16/2013 07:45 AM, Nathan of Guardian wrote:
>>>
>>> Abel Luck <abel at guardianproject.info> wrote:
>>>> Nathan, and everyone on the list, what do you think of the following?
>>> The decision we made was to keep the Google Play app as is with the existing key, and then release the APKs directly on our site and fdroid repo with the new, stronger key. If we could sign with both the old and new key we would try that as well.
>>>
>>> At this point, I felt it was more important to easily upgrade our existing users than to combat the semi-theoretical RSA 1024 signing key issue.
>>>
>>> +n
>> For the record, I agree with Abel, though we've discussed it before. Also, I
>> don't think it makes sense to put out releases signed in two different keys.
>> That will cause lots of confusion when the Play Store version conflicts with
>> the direct download version.
>
> We should research whether there is a graceful way to transition the
> signing key.
>
We have..and there isn't. The process I just mentioned is about the most
graceful way there is.
I've a blog post about this coming soon.
~abel
More information about the Guardian-dev
mailing list