Closed ixqbar closed 1 year ago
pilotmoon
commented
1 year ago The signature file is generated by me using a secret cryptographic key. It tells the PopClip app that it can trust the extension and skip any warnings or restrictions it may place on unsigned extensions.
pilotmoon
commented
1 year ago Extensions will work fine without a signature but will show a warning on installation if they contain certain kinds of scripts. Also, PopClip will load unsigned JavaScript extensions into a separate JavaScript context instead of a shared context. This is less memory-efficient but more secure. https://www.popclip.app/dev/#extension-signing
ixqbar
commented
1 year ago Thank you for your reply!
If I have completed the development of a plugin and want to share it with friends, how can I sign it to avoid warnings? Can you provide a detailed explanation of how to sign it?
pilotmoon
commented
1 year ago Only I can sign the extensions. If you submit a pull request to the source-contrib directory, I will sign it for you.
I hope soon to complete a better way of sharing and publishing extensions.
ixqbar
commented
1 year ago Thanks!
_Signature.plist
What is the purpose of the _Signature.plist file and how is it generated?