On Tue, Jun 28, 2016 at 8:38 PM, Zachary Oglesby <zach(a)oglesby.co> wrote:
Thanks for the info, it sounds like the macOS application really
Mac to build then as, at least in my opinion, Apple's signing process
provides the users with the easiest workflow, and the highest level of
assurance that the code is legitimate.
Yes. What I'm uncertain about is what this would look like if it were
shipped as a container for Docker on Mac (using HyperKit instead of
Virtual Box) if there's any kind of code signing there, or if it's
obviated because it's in a container and thus "safe". But then also
whether the container has the necessary privilege to dd to a raw
Can you also provide us information on the Windows build process?
No idea really. I asked a colleague who does Windows IT and he doesn't
know for sure either. I think that world is much more variable. He
suspects that it's possible to get a 3rd party certificate issued,
signed by an intermediate certificate already included in Windows, and
Windows will run binaries signed with that 3rd party cert. But... I
don't know. So it might be easier than on macOS.
I know there's a preference to have a native installer. But it seems
fairly clear this could be a Docker or Flatpak package for Linux
distros. If that's going to happen anyway, the installation of Docker
on Mac (or Windows) seems a lot easier to evaluate than even the most
rudimentary evaluation of either Apple or Microsoft's native app
There are some very neat advantages if this could be done as a
container, aside from far fewer variations between the tools. Doing
the overlay setup, currently not supported in Fedora Media Writer, but
desired, means having access to Linux tools to write out the necessary
metadata. If this is already available in the container no matter the
platform, it's easier than having to write an installer specific
library to do that. And so on.