diff --git a/assets/trust-dialog.png b/assets/trust-dialog.png new file mode 100644 index 0000000..bd9c63e Binary files /dev/null and b/assets/trust-dialog.png differ diff --git a/guide/sharing-a-pear-app.md b/guide/sharing-a-pear-app.md index b280f66..952e04a 100644 --- a/guide/sharing-a-pear-app.md +++ b/guide/sharing-a-pear-app.md @@ -93,7 +93,27 @@ With another machine or friend that has `pear` installed execute the `pear run < pear run pear://nykmkrpwgadcd8m9x5khhh43j9izj123eguzqg3ygta7yn1s379o ``` -When `pear run` is executed on the peer machine the staged application should open on that peer. If the application is being opened for the first time on the peer it has no state at all, so the application may show a loader until it's ready to reveal. +When `pear run` is executed on the peer machine there will be a security prompt to add the key to a list of trusted applications by typing 'TRUST'. + +When running a terminal application using an untrusted key for the first time the prompt would be: + +``` +pear run pear://nykmkrpwgadcd8m9x5khhh43j9izj123eguzqg3ygta7yn1s379o +✖ Key pear://nykmkrpwgadcd8m9x5khhh43j9izj123eguzqg3ygta7yn1s379o is not known + +Be sure that software is trusted before running it + +Type "TRUST" to allow execution or anything else to exit + +Trust application? +``` +The trust dialog is a security mechanism in Pear that appears when the user tries to run an application from an unknown or untrusted key for the first time. In case that the app is run in detached mode, for example, when clicking on a pear link in the browser, the trust dialog is a GUI (Graphical User Interface). + +![Trust dialog](../assets/trust-dialog.png) + +> During development with `pear dev`, applications are automatically trusted, as they are assumed to be safe for testing purposes. Trust dialog can be suppressed using the `--no-ask-trust` flag with `pear run` in which case the application will automatically decline unknown keys. + +The application has no state when it's opened for the first time, so the application may show a loader until it's ready to reveal. The application staging machine that is running the seeding process should show output similar to: