On Friday June 03 2016 10:21:49 Brandon Allbery wrote: > On Fri, Jun 3, 2016 at 5:41 AM, René J. V. <[email protected]> wrote:
> Ideally it shouldn't be allowing access to the user's chain at all. > post-activate is a system level operation, not user level. I think that's debatable in this context. I'm supposing someone who owns an official (paid) code-signing identify will store it in one of his/her keychains, not in the system keychain. Compare to `sudo codesign -s ID` which will access the sudo user's keychain just fine. Maybe an env. variable thing? R. _______________________________________________ macports-dev mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-dev
