Ongoing BlackBerry Code Signing Servers Issues & Outage

 Outage

In a really painful move for most third party developers RIM’s code signing servers have been down and having issues since the weekend started. RIM is the only company I know of that requires developers to “phone home” to RIM’s infrastructure to code sign applications and the whole process is already cumbersome. I have been begging my contacts at RIM for years to get rid of the undo burden this complex code signing process adds to BlackBerry developers but it has fallen on deaf ears and instead they have been trying to improve it ever so slowly.

Josep pointed out to me that the code signing servers were down earlier in the week but that is not unusual. What is unusual is how long they have been down for and are still currently in a “degraded state 3-10 emails every single time they code sign an application but they have failed to notify devs about when this outage will be fixed or even its status. This is stopping devs from releasing or testing their third party apps until the code signing servers are back up.

Josep also pointed out this website that tracks the success and downtime of all 4 of the signing servers:
isthesigningserverdown.com/beta/

We shouldn’t need such a website. Hopefully somebody at RIM is noticing and realizes that code signing should only be required for the more complex Certicom cryptographic APIs. They offer mickey mouse security and RIM can simply allow remote killing of rogue apps using another process like BIS. While this is not a big deal in the long run I simply hate code signing…

10 total comments on this postSubmit your comment!
  1. Rim needs to get that together of all things not the servers to tear apps Jesus but that’s expected when you have servers down time

  2. I hope that’s a upgrade process they doing

  3. Not all APIs on the BlackBerry require the code signing process. In fact, it is possible to write an entire application that works without needing to go through the signing process. However, doing almost anything remotely useful or interesting on the device requires use of these signed APIs. (and of course, unless your app is a badly ported J2ME trinket, its probably gotten worse)

    Back in the early days of the LogicMail project, when signing keys had a $100 price tag, I bent over backwards to avoid any signed APIs. My issue was that as an open-source project, I didn’t feel comfortable imposing a code signing requirement on anyone who would want to reuse or tinker with my code. As such, v1.x of the app does not require code signing. Of course there are also a lot of things it can’t do because of this, many of which may harm usability. I even have had a FAQ entry on the project website attempting to explain this.

    As I moved forward, two things happened. First, the price of signing keys dropped significantly. Second, the use of signing-required APIs was pretty much required for most of the user-demanded features I wanted to put in the app. (Both obvious features, and under-the-covers things that improved usability.) So I eventually sucked it up, got my keys, and started using those APIs.

  4. RIM’s information policy on this is ok from my POV: there were forum entries by Mark Sohm and also twittered by @BlackBerryDev, so if I follow twitter or listening to the forums I know that there’s a problem.

    process to register was better then a year ago and license keys are free in the meantime – also ok.

    What I don’t understand that there’s no fallback with mirrored servers at other locations for such an important feature.

    And of course best would be to get rid of this remote signing process.

  5. @ekkescorner how can you say that “RIM’s information policy on this is ok”?

    They have provided no information on:

    1. How long the outage will be for
    2. What actually happened
    3. What they are doing to fix the problem

    All we get is the occasional vague response from Mark Sohm saying “we’re working on it”. He even makes light of the situation in his recent post, completely misunderstanding the general feeling of frustration in the dev forums.

    The posts on twitter are few and offer no new information.

    It shows a complete lack of regard for developers to not even provide us with basic information about the problem and an ETA for it being fixed.

    Why you’re sticking up for RIM I have no idea. Whatever the reason, they’re lucky to have a fan boy, there aren’t many of you left!

    • I only want to be fair….

      what else can they do then to say “we’re working on it” ?

      if this would be a regulary update of servers or so (as happened before sometimes) then RIM always posts and twitters the scheduled time-frame. in this case something worse happened and they’re working on it…

      remember some time ago Amazon cloud servers crashed…. they also told the world “we’re working on it”

  6. BTW: Signing Servers are up and running

  7. This make some sense to me haha

  8. I am rather impressed by that website…

1 pingback on this post

BlackBerry© is a registered Trademark of BlackBerry Limited. BerryReview is in no way affiliated with BlackBerry Limited though sometimes their lawyers send us love letters...

Copyright © 2007-‘2014’ BerryReview LLC