Justin Spahr-Summers
The `--{no-}key` syntax can be fairly limiting. We could support alternatives, like `--with{out}-key`, `--{enable,disable}-key`, etc.
The exact set of circumstances that can cause this is unclear, but relaunching the parent application too quickly (i.e., when update installation has begun but not completed) can result in...
Using [these instructions](https://github.com/Carthage/Carthage/blob/7a0153cc164e301c46527f6e20c886728a0dc218/README.md#declare-your-compatibility).
It'd be great to use the updating mechanism as an automatic way to push out notices to client applications. For example, if a user on 10.obsolete requests an update, the...
A symlink attack could be used against such an application, to allow malicious code to be installed (possibly with superuser permissions, in the case of a privileged install). This wouldn't...
Use `kSecCSCheckNestedCode` when validating the code signature of an update. Suggested by @keithduncan. This means independently signing all of the dependencies and helpers we ship in our app bundle.
Mike Abdullah has a blog post wherein he describes [ACLs that prevent deletion](http://www.mikeabdullah.net/atomically-copying-a-file.html). This could prevent the app from ever being updated, so we should handle it somehow.
It doesn't really hurt anything by being left there, but it might annoy advanced users who see a bunch of old jobs in their Library folder.
From #56, we should stop prompting users to log in (for administrator privileges) if they cancel the dialog 2 or 3 times. However, manual update checks should always prompt.