与外部开发人员共享iOS企业分发证书是否安全? [英] Is it safe to share the iOS Enterprise Distribution Certificate with external developers?

查看:245
本文介绍了与外部开发人员共享iOS企业分发证书是否安全?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我遇到以下情况:我们有一个企业开发者帐户和一个应用程序,我们正在与外部开发人员合作。

I am in the following situation: We have an enterprise developer account and for an app we are working with an external developer.

目前我们还没有访问源代码以便我们无法进行构建,但我们仍然需要每周构建可以安装在设备上...因此外部开发人员需要能够构建ipa文件。

At the moment we do not have access to the source code so we can't make builds, but we still need to have weekly builds that can be installed on devices... therefore the external developer needs to be able to build ipa files.

开发人员现在是开发人员计划的成员,拥有自己的开发人员证书。但是,只能有一个分发证书。

The developer is now a member of the developer program and has their own developer certificate. However, there can only be one distribution certificate.

从安全的角度来看,我们是否安全/建议共享分发证书(和私钥)以及配置文件以便他们可以构建ipa文件?

还有其他(更安全)的选择吗?

Are there any other (safer) choices?

PS:I我还认为我们可以用我们的分发证书辞去ipa,但它仍然让我们处于需要能够构建ipa的情况 - 这只有在安装了分发证书+配置的情况下才有可能。

PS: I was also thinking that we could resign an ipa with our distribution certificate but it still leaves us in the situation where they need to be able to build an ipa - and this is only possible with a distribution certificate + provisioning installed.

推荐答案

您可以让外部开发人员以他想要的任何方式签名,然后您可以重新签署IPA并使用它。这样,从开发人员的角度来看,源代码是安全的,您可以使用您的证书签署的IPA。我通常使用这个,但你也可以在命令行中这样做......

You can have your external developer to sign with whatever he wants and then you can re-sign the IPA and use it. This way the source code is "safe" in the developer's perspective and you can use your IPA signed with your certificate. I normally use this, but you can do it in the command line too...

至于你的 Post Scriptum 部分,那不是真的......我有与外部机构合作的经验,他们使用自己的证书和配置,当我收到他们的IPA我只需要重新签名。

As for your Post Scriptum part, that's not true... I have the experience of working with external agencies where they use their own certificate and provisioning and when I receive their IPA I only need to re-signed it.

这篇关于与外部开发人员共享iOS企业分发证书是否安全?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆