Oh man - SIS files, signing, capabilities, certification…
I’m planning to sit down with a colleague at Nokia to think about how we can ease the pain involved with developing with platform security. I’ve been briefly looking at the various steps and tools that it takes to get a SISX built and running on a device, and I gotta say it’s pretty lousy. PlatSec is great for the business, but it sure doesn’t make life easy for a developer…
Anyway, things we’re going to be looking at are…
- Scanning used APIs during buildtime, and creating a report of which capabilities are being accessed (API-to-Capability-to-API mapping)
- Ability to change the certificate used for the build, so quick testing of capabilities is possible
- Integrating the Symbian signing and pre-certification testing tools into the process
Not sure if any device-side agent would help here — to scan for accessed capabilities while you’re running the app?
In any case, the sheer amount of steps is daunting and making it flow easier should make a lot of developer’s work easier… I’ll post an update once we’ve met (in July) and put a plan together.
That sounds like an excellent idea. Are you guys working on this plan lately? Any update? I hope we can hear from you again soon. We’re all excited about this.