incubator-flex-dev mailing list archives

From Clint Modien <cmod...@gmail.com>
Subject Re: [MENTOR] Re: Release Managers and Multi-platform releases
Date Fri, 17 Aug 2012 00:00:20 GMT
It's usually not feasible for the group responsible for signing binaries to also build the
binary.  It should be secure enough to scp the bits somewhere along with a sha/md5 checksum
file.

On Aug 16, 2012, at 3:13 PM, Om wrote:

> I agree with Carol.  When a release manager signs a binary, they are
> implicitly guaranteeing that what is in the binary was really built from
> the sources.  If they did not create the binary themselves, how can they
> verify what exactly went into the binary?

