The Adobe AIR 1.5.2 release is now available. There are relatively few changes in it, given that it's a minor release, but I'll nonetheless be posting a few entries about the more interesting changes.
Perhaps most interesting of all is that we've revised the much-loved unrestricted system access warning that's displayed during application install. I think you'll be pleased with the new design:
Please note that this change applies only to applications signed with certificates that are trusted on the targeted machine. I hope you'll find some comfort in knowing that we do, indeed, listen to--and appreciate--your feedback.
AWESOME! AWESOME! AWESOME! THANK YOU.
Thanks you so much!!!
Why hasn't Adobe AIR exactly copied the OS installation install warning/process? On Vista it should look and use the same verbiage as the Vista's native installer, on OS X it should look and use the same verbiage as the OS X installer....etc
Your application is signed but there is still a question mark on top like with previous AIR version, why not a valid check instead?
Despite this, that's a great!
oh thank goodness. Finally, users wont be so scared, and clients wont be so nervous. Thanks!!!
THANK YOU!!!!!!!
The signed certificate approach is punitive to hobbyists and small-time developers. Why should there be a $300 yearly fee involved to distribute an application? It provides a disincentive to using AIR. Why is there a need for a signed certificate if I distribute my AIR app through my own website? The end-user knows exactly who the publisher is: my website.
Adobe Flex/AIR is one of the most elegant approaches to software development, but the signed-certificate "feature" adds a scar to that beauty. It would be my wish that the "Application Install" screen becomes more friendly to those not using certificates.
Zeke,
The problem is that the end user *doesn't* "know exactly who the publisher is" unless the app is signed with a trusted cert.
An attacker can intercept the http traffic between the user and your server (for example using a man-in-the-middle attack). When the user clicks the link to download your application, the attacker can modify your application in transit or send an entirely different application to the user instead. Consequently, the mere fact that an application *appears* to come from a particular web site doesn't mean it *actually* comes from that web site.
Signing your app with a trusted cert means that the operating system can prove that 1) the actual bits that got downloaded to the computer didn't change from what they were when the app was signed, and 2) the person who signed the app has proven to Verisign or some other certificate authority that they are in fact who they claim to be.
(Of course, whether you trust that person or organization is still up to you. But at least with an app signed with a trusted certificate, you can know who the app really came from, so that you can decide whether you trust them or not.)
-Paul