Any concern to share private key for distribution certificate among different group under a team account in itune provisioning portal

Question

We are a large university and have a single team account in apple itunes provisioning portal. We have serval different groups developing iOS apps, which will be published under the team account (university name). It seems apple only allows to create one distribution certificate. To publish apps, each group will need the private key to sign the app. If we choose to share the private key among all groups, is there any concern?

Someone also suggested revoking the current certificate. I understand it will not affect the current apps in store. But others will have to revoke the certificate again when they want to publish an update, will they?

Otherwise, is there any other solution to this problem if not sharing the private key?

Answer 1

Application distribution is the team agent's task so she is the only person supposed to be in the possession of the distribution certificate's private key. The provisioning portal doesn't have any method of sharing the private key, and I don't think it would ever have such kind of functionality.

The expected way(expected by Apple) is that all apps developed by different groups in an organization are sent to the team agent, who then signs and uploads them to the store.

The normal way(what I have seen in 4 organizations I have worked with) is that the agent shares the private key with leads of the different groups, working on an app.

Revoking the distribution certificate every time, although may not hurt the apps already on the store but definitely would cause unnecessary headaches.