[TIMOB-20491] Production builds should not use builtin keystore
| GitHub Issue | n/a |
|---|---|
| Type | Improvement |
| Priority | High |
| Status | Open |
| Resolution | Unresolved |
| Affected Version/s | Release 5.2.0 |
| Fix Version/s | n/a |
| Components | Android |
| Labels | cb-tooling |
| Reporter | Fokke Zandbergen |
| Assignee | Unknown |
| Created | 2016-03-01T13:46:00.000+0000 |
| Updated | 2020-01-30T11:23:17.000+0000 |
Description
If the user does not specify a keystore, we will always [fall back on our builtin keystore](https://github.com/appcelerator/titanium_mobile/blob/981b9f8f61e58e0c74789e6db48ae8feb007b16a/android/cli/commands/_build.js#L1748-L1755).
To enforce security best practices we should require the user to specify a keystore for production builds.
No comments