Copy+pasting from the thread where packaged keys was dicussed: (...) The main option on this thread seems to be to serve the key from a package vs. pulling it in some other way that involves an API.
Packaged keys have several downsides. If we serve them from a per-user PPA, it would involve a buildtime for each key package, even though the package itself is trivial, so there would be a considerable delay between purchasing the app and being able to download the key for it. If on the other hand we serve the key packages from sca it would involve setting up a basic repository layout on our server and generating (binary) debs on the fly. Generating and taking care of the server certificates, getting them trusted would also be an issue, as well as restricting access to the deb file during installation so that only the rightful owner can access it. Lastly, USC would need to enable more than one source per purchase, and download more than one package, so it would still need changes on the client. The alternative would be to provide an authenticated api call that provides the key. There was a downside with this too: if the key is pulled in as part of a post-install hook, it would be running within a different environment that would have root privileges but possibly not the right network setup or user credentials to get at the key. There is a way around this, and that is to have USC get the key as part of the purchase process (together with the private deb line, or in a separate api call). It has all the right network setup and credentials at that point, and it can put it into a standard location for the application to check. Which location to use for the key was another question. Ideally it would be somewhere within the user's home directory, but the downside of that is that users might tamper with their own key file and delete it or break it unintentionally. A free advantage of USC setting up the keys is that there could be a menu option like the current "Reinstall previous purchases..." that would refetch license keys for you. And it could do this without needing to redownload and install the app (another advantage over post-install hooks). Looking at xdg mvo has recommended ~/.config/software-center/license-keys/ as the standard location for storing the keys. Within that directory we could place one file per application. (...) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/833945 Title: Allow to install system wide license keys To manage notifications about this bug go to: https://bugs.launchpad.net/software-center-agent/+bug/833945/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs