Closed Bug 814236 Opened 12 years ago Closed 12 years ago

Keep pre-reviewed mini-manifest and package protected

Categories

(Marketplace Graveyard :: Reviewer Tools, defect)

Product:
Marketplace Graveyard
Component:
Reviewer Tools
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: robhudson, Unassigned)

References

Details

Currently we are waiting on bug 796198 before reviewers can install apps on device.

If for some reason bug 796198 doesn't or can't happen, the other option is to put the mini-manifest and package in a public location. The problem with this is we no longer respect the privacy of app developers. We do not want just anybody to find out that there is some cool app in the review queue before it is publicly available.

When bug 796198 is implemented, this bug would then be to verify that reviewers can install apps from the reviewer page (which also depends on bug 791743).
Has there been any thought on alternative processes for review such as what was described in bug 813797? Although those ideas were described from a developer's perspective.
(In reply to Jason Smith [:jsmith] from comment #1)
> Has there been any thought on alternative processes for review such as what
> was described in bug 813797? Although those ideas were described from a
> developer's perspective.

If you're referring to signing packages with a separate reviewers-only cert, I think we need to do both: sign pre-reviewed packages for reviewers and keep the mini-manifest and package behind auth.

If bug 796198 is likely not to happen we could brainstorm some ideas. Perhaps security through obscurity on the URLs is enough for a v1 -- i.e. don't use slug names that are easily guessable.
bsmith is checking on feasibility of using a reviewer cert on device.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.