flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carol Frampton <cfram...@adobe.com>
Subject Re: [MENTOR] InstallApacheFlex AIR app related questions
Date Wed, 18 Jul 2012 13:18:07 GMT
You asked somewhere how you sign your app in the Apache way.  The process
is somewhat documented here [1].

The rough steps you need to follow are:

1)  Create a key.
2)  Make sure the public part of your key is on one of the public servers.
3)  Add your key to
4)  Ideally your key would be signed by others so it is linked into the
Apache web of trust.  Mine is not.
5)  Use the script sign_and_hash.sh which I just added to a new build
subdirectory to sign your artifacts.
Read the header of the scripts for instructions.  You will need your
private key.

Or, when you're ready, I can sign it.

[1] http://www.apache.org/dev/release-signing.html


On 7/16/12 7 :19PM, "Om" <bigosmallm@gmail.com> wrote:

>(Carol/Alex, please free to jump in as well)
>This page http://people.apache.org/~bigosmallm/installapacheflex/ lets you
>download a binary file.
>For this discussion, the InstallApacheFlex AIR app = 'Installer'
>1.  Should the installer be signed in the same way as the Apache Flex SDK
>binary is signed?  The process for signing AIR apps is described here
>How do we do this in the Apache way?
>2.  The installer downloads the binary distribution of the Apache Flex
>sdk.  Should the installer programatically verify the downloaded binary
>file's signature before uncompressing it?
>3.  I see that mirrors are preferred over downloading directly from Apache
>servers.  Is there a standard list of mirror locations that I can access
>from somewhere?  I think I will need to modify the installer to
>select a mirror for downloading from, right?

View raw message