sentry-cocoa icon indicating copy to clipboard operation
sentry-cocoa copied to clipboard
verified publisher icon getsentry

Adopt codesigning for binary XCFrameworks

Open kahest opened this issue 1 year ago • 0 comments

Description

Code signing for XCFrameworks within a published app is becoming mandatory (right now breaking that requirement only shows warnings, see GH-3740). Developers can self-sign in order to ensure submission works correctly. However, as SDK distributor, we should adopt codesigning so that users can verify authenticity of the prebuilt binary frameworks they are using.

To be considered:

  • certs used to sign signatures expire and can be revoked - this means signatures can become invalid in the future and builds will break. there is currently no safe way around this other than re-signing and re-distributing the SDK

Related: https://github.com/getsentry/sentry-cocoa/issues/3740

kahest avatar Oct 02 '24 08:10 kahest