incubator-flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <>
Subject Re: [MENTOR] .p12 file for releasing InstallApacheFlex
Date Tue, 28 Aug 2012 03:37:31 GMT
Hi Om,

Sorry for the delay I've been busy with work and Apache OpenOffice (incubating).

(1) I think that we need to get confirmation that a .p12 signed release is ok with legal-discuss@.
That it is a permissible for a convenience binary. I think that is likely and I'll look into
it tomorrow.

(2) We probably need to have a release VOTE for the source code making up the InstallApacheFlex
package, but I'm not completely sure. Perhaps Bertrand can answer that question.


On Aug 27, 2012, at 5:48 PM, Om wrote:

> Hi,
> Can one of the mentors please respond?  I was hoping to make a release of
> InstallApacheFlex soon.
> Thanks,
> Om
> On Mon, Aug 27, 2012 at 12:51 AM, Om <> wrote:
>> Dave:
>>> Is it possible to derive these p12 files from KEYS? I think it is likely,
>>>> if so we have a path to signing of these artifacts by project release
>>>> managers
>>> I will investigate this approach.  I have limited knowledge about this,
>>> but I believe that OpenSSL might help us here.  Will let you know soon.
>> Dave,
>> I tried this using gnupg and openssl without any luck.  Unless someone
>> knows how to do it, I have hit a dead end.
>> Erik and I have come up with this proposal to move forward.  Please let us
>> know your thoughts/suggestions.
>> For the binary releases:
>> * Erik de Bruin and I are the release managers for this tool
>> * We will create a new .p12 with a secure password.  We will NOT not check
>> the .p12 file in to SVN.
>> * I will create the Windows release on my machine using the .p12 file to
>> sign the AIR app
>> * I will securely email the .p12 file and the password (in separate
>> emails) to Erik de Bruin
>> * Erik creates the Mac release using the same .p12 file
>> * Erik and I sign the respective releases using our PGP keys in the Apache
>> Way.
>> For the source release:
>> * I will create a compressed file with the source code and sign it with
>> my PGP key
>> Are we missing something?
>> Thanks,
>> Om

View raw message