There is the need to allow sharing software license key by all users on the system. So they need to be dropped to an accessible location on the system. This bug tracks the discussion and progress of this effort.
From a security point of view we allow a desktop user to "randomly" drop files on the system. So we should try to define the dropping area and the content of the file as tight as possible.
Open issues:
* Can we assume that we can patch or force the shipped software in /opt to use a common place defined by our policy (problem with proprietary software)?
* If the above question is yes: Can we store the licenses in a central repository e.g. /var/licenses/pkgname.key? Or should we store them in the corresponding /opt/pkgname dir?
* If the first question is no: Can we still assume that the key has to be stored in the /opt/pkgname dir? E.g. Does a "special" customer insist on uppercase naming which is not allowed as a package name /opt/AcrobatReader?
* Can we sign the key by Launchpad to make sure to only drop a file which can be sure of to be license key? The signature check needs to be done by aptdaemon
* We need a trusted way to transfer the location of the key to aptdaemon - current solution would be to store the key path in a package control field (XB-LicenseKeyPath). But we could also append this information to a signed license key, see question above.
Or a more basic question: Why don't you ship licenses in packages? It is just a static file.