A correction to comment #8, after the latest changes in the spec:
The code doing app updates in system settings will also need to do the same steps as the click scope:
- fetch the sha-512 hash from the package details webservice
- pass it to download manager so it can verify the download of the package with the store signature appended.
There's no longer a need for the updater nor the click scope to download signatures nor to pass them to packagekit.
A correction to comment #8, after the latest changes in the spec:
The code doing app updates in system settings will also need to do the same steps as the click scope:
- fetch the sha-512 hash from the package details webservice
- pass it to download manager so it can verify the download of the package with the store signature appended.
There's no longer a need for the updater nor the click scope to download signatures nor to pass them to packagekit.