Wednesday, May 16, 2007

Adobe publisher verification

As I wrote earlier, I have installed and tested about 20+ Apollo applications so far. I have noticed one thing: every one of them had an unverified publisher identity, even Ascension, which was written by Mike Chambers, an Adobe guru.

I tried to find information about this verification: why no application has been verified and why all of them have unrestricted access to the user's file system. This can be a BIG threat to security. I can now see how careless I have been, but I'm not sure that Adobe gave enough warning about this.

If anyone has some info about the publisher verification system, please comment about it. Thank you.

Posted by flanture at 15:20:38 | Comments (3)
Comments
1 - Hello,

At ApolloApps.com we are attempting to address this problem.

We are building an App registry, where the primary key is the AppId and we will have a validation service that will evolve.

We also plan to introduce an App Certification process very soon.

In order for an app to be certified, the application developers would need to publish their Apollo project to our CVS/SVN repository, and we would certify that the app contained no malicious code or procedures that, as you point out, could otherwise be very dangerous if someone uses an untrusted, malicious application.

Tune into ApolloApps.com (http://www.apolloapps.com) for details that will emerge soon.

Written by: Edward Mansouri at 2007/05/16 - 17:08:03
2 - My first point is that the verification system is not supported in the alpha release.

The second point is that unless ApolloApps is going to do on-the-fly compilation, verifying the source code is pointless.

Written by: Tom Chiverton at 2007/05/16 - 18:33:59
3 - Signatures and verification are not implemented in the alpha, so we thought it best to indicate in the UI that the publisher was unverified--which, in fact, is correct. Once the signature and verification feature is fully implemented you will see applications with verified publisher information and a different set of warnings.

To your second point, yes, all Apollo applications currently have the same filesystem access as any other desktop application. As with any desktop application, an Apollo application should not be installed unless you trust it. The signing and verification feature is designed to give you additional reliable information with which to make this decision, but you still have to make that decision for yourself.

regards,
Oliver Goldman
Apollo Engineering
Adobe Systems Inc.

Written by: Oliver Goldman at 2007/05/17 - 08:18:39