couchdb-dev mailing list archives

From Nick North <nort...@gmail.com>
Subject Re: Code-signing binary releases?
Date Tue, 07 Oct 2014 08:08:02 GMT
+1

If the service is there it seems a good idea to use it, and we are
providing code that runs as a service so signing seems a good idea.
However, CouchDB has never provoked the warnings that Windows gives about
unsigned code for me, even though I have UAC enabled on all my systems.
This may be because I'm an admin user on all of them, though.

I had a very quick poke around and found this discussion on the Tomcat
mailing list of the effect of signing in Windows and why they need it:
"Digitally sign the Windows binaries."
<https://issues.apache.org/bugzilla/show_bug.cgi?id=56079>

Nick

On 7 October 2014 00:25, Alexander Shorin <kxepal@gmail.com> wrote:

> This is a good idea. +1
> --
> ,,,^..^,,,
>
>
> On Tue, Oct 7, 2014 at 3:00 AM, Joan Touzet <joant@lrtw.org> wrote:
> > Presented with no bias on my part, but it showed up in my inbox:
> >
> > https://blogs.apache.org/infra/entry/code_signing_service_now_available
> >
> > Do we care to use something like this for our Windows binary builds?
> > Or are we happy enough to just publish a Windows binary with a checksum?
> > I can see the advantage in signing Windows binaries here.
> >
> > If we add Java or Android components in the future, this could extend to
> > signing those binaries as well. I am sufficiently naive about those
> > environments to not know whether there exist better, freer, more open
> > alternatives that would suffice.
> >
> > What is the process for signing things that end up in the OSX App Store?
> > Would we want to try and get CouchDB in there, or just stick with brew?
> >
> > -Joan
>
