Currently we are waiting on bug 796198 before reviewers can install apps on device. If for some reason bug 796198 doesn't or can't happen, the other option is to put the mini-manifest and package in a public location. The problem with this is we no longer respect the privacy of app developers. We do not want just anybody to find out that there is some cool app in the review queue before it is publicly available. When bug 796198 is implemented, this bug would then be to verify that reviewers can install apps from the reviewer page (which also depends on bug 791743).

Has there been any thought on alternative processes for review such as what was described in bug 813797? Although those ideas were described from a developer's perspective.

(In reply to Jason Smith [:jsmith] from comment #1) > Has there been any thought on alternative processes for review such as what > was described in bug 813797? Although those ideas were described from a > developer's perspective. If you're referring to signing packages with a separate reviewers-only cert, I think we need to do both: sign pre-reviewed packages for reviewers and keep the mini-manifest and package behind auth. If bug 796198 is likely not to happen we could brainstorm some ideas. Perhaps security through obscurity on the URLs is enough for a v1 -- i.e. don't use slug names that are easily guessable.

bsmith is checking on feasibility of using a reviewer cert on device.