Wednesday 14 January 2015

Implications of the Signing Process.

* We can now see that we cannot have two distinct signatures for the same package name.

* Signatures are sometimes referred to as public key infrastructure (PKI) certificates.

* More accurately stated, you would use a PKI certificate to sign a bundle, a JAR file, a DLL, or an application.

* The PKI certificate is tied to the package name to ensure that two developers cannot install a package that carries the same package name.

* However, the same certificate can be used to sign any number of packages.

* In other words, one PKI certificate supports many packages. This relationship is one-to-many.

* However, one package has one, and only one, signature through its PKI certificate.

* A developer then protects the private key of a certificate with a password.

* These facts are important not only for new releases of the same package but also for sharing data between packages when the packages are signed with the same signature.
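The rules above can be exercised in code. The following Go program is an added example written for this post, not code from the original page or from any Android component: it models an installer that records which signing certificate first claimed a package name, refuses a later package of that name signed by a different certificate, accepts the same certificate across many package names, and exposes the same-signer check that signature-based data sharing depends on. The package names, the ECDSA keys and the use of a hash of the public key as the certificate fingerprint are constructed assumptions; a real installer hashes the full X.509 certificate and the password protection of the private key is outside the model.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"errors"
	"fmt"
)

// Package is a constructed stand-in for a signed application bundle: the package
// name, its contents, a signature over both, and the signer's public key
// (the public half of the developer's PKI certificate).
type Package struct {
	Name     string
	Contents []byte
	Sig      []byte
	Cert     *ecdsa.PublicKey
}

// fingerprint identifies a certificate by a SHA-256 hash of its encoded public key.
// Assumption for this example: a real installer hashes the whole certificate.
func fingerprint(pub *ecdsa.PublicKey) string {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err)
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// digest binds the package name into the signed data, so a signature cannot be
// transplanted onto a package that carries a different name.
func digest(name string, contents []byte) []byte {
	h := sha256.New()
	h.Write([]byte(name))
	h.Write([]byte{0}) // separator between name and contents
	h.Write(contents)
	return h.Sum(nil)
}

// Sign produces a package signed with the developer's private key.
func Sign(priv *ecdsa.PrivateKey, name string, contents []byte) (*Package, error) {
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(name, contents))
	if err != nil {
		return nil, err
	}
	return &Package{Name: name, Contents: contents, Sig: sig, Cert: &priv.PublicKey}, nil
}

var (
	ErrBadSignature = errors.New("signature does not verify against the package")
	ErrCertMismatch = errors.New("package name already installed with a different certificate")
)

// Installer models the device: package name -> fingerprint of the certificate
// that first installed it. One name, one certificate; one certificate, many names.
type Installer struct {
	owner map[string]string
}

func NewInstaller() *Installer { return &Installer{owner: map[string]string{}} }

// Install verifies the signature first, then enforces the name-to-certificate binding.
func (in *Installer) Install(p *Package) error {
	if !ecdsa.VerifyASN1(p.Cert, digest(p.Name, p.Contents), p.Sig) {
		return ErrBadSignature
	}
	fp := fingerprint(p.Cert)
	if prev, ok := in.owner[p.Name]; ok && prev != fp {
		return ErrCertMismatch
	}
	in.owner[p.Name] = fp
	return nil
}

// SameSigner reports whether two installed packages carry the same certificate,
// which is the check behind sharing data between packages.
func (in *Installer) SameSigner(a, b string) bool {
	fa, oka := in.owner[a]
	fb, okb := in.owner[b]
	return oka && okb && fa == fb
}

func main() {
	dev1, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	dev2, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	in := NewInstaller()
	app, _ := Sign(dev1, "com.example.app", []byte("release 1"))
	fmt.Println("install by dev1:", in.Install(app))
	clash, _ := Sign(dev2, "com.example.app", []byte("release 2"))
	fmt.Println("same name, dev2:", in.Install(clash))
	helper, _ := Sign(dev1, "com.example.helper", []byte("helper"))
	fmt.Println("second package, dev1:", in.Install(helper))
	fmt.Println("share data app<->helper:", in.SameSigner("com.example.app", "com.example.helper"))
}
```

Running `main` prints a nil error for the first install, `ErrCertMismatch` for the second developer's package of the same name, a nil error for the same developer's second package, and `true` for the same-signer check. The signature check runs before the ownership check so that a package whose contents were altered after signing is rejected regardless of who owns the name.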
