incubator-flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Clint Modien <cmod...@gmail.com>
Subject Re: [MENTOR] How to handle Air app signing certificate
Date Thu, 16 Aug 2012 00:43:20 GMT
Sounds good… strange that Apache doesn't have a code signing process in place already…
seems like a pretty common requirement.

On Aug 15, 2012, at 4:30 PM, Om wrote:

> So how does this sound:
> 
> 
>   - We don't keep the .p12 file in the repo.
>   - We ask developers who want to work with the source code to generate a
>   .p12 file (using FB or similar tools) for themselves
>   - They should not check it in (add *.p12 to svn ignore?)
>   - The release managers would create a .p12 certificate(and a pass code)
>   as the official one.  This will not be checked in.
>   - A release build is created using the source code + .p12 + pass code
>   combination.
>   - Whoever is the current release manager gets the .p12 certificate +
>   pass code from the previous release manager to make a release build.
>   - It is up to the release mangers to keep the .p12 and pass code
>   secure.
> 
> Note:  We may need two release managers for every release - one for windows
> and one for Mac since air apps for a platform need to built on the same
> platform.
> 
> P.S.:  I have a thread going on in infra-dev to get an official Apache.org
> or Apache Flex AIR app signing certificate.  You can follow it here: [1]


Mime
View raw message