incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <orc...@apache.org>
Subject RE: [VOTE] Apache OpenOffice Community Graduation Vote
Date Mon, 27 Aug 2012 19:17:16 GMT
I'm not asking for anything.  I am simply attempting to clarify what the considerations are.
 Also, I did not inject the issue about binaries into the discussion on general@ i.a.o.

Why do you find it necessary to put my contributions down rather than let them go by if you
see no value in them?

 - Dennis

-----Original Message-----
From: Joe Schaefer [mailto:joe_schaefer@yahoo.com] 
Sent: Monday, August 27, 2012 10:58
To: ooo-dev@incubator.apache.org; orcmid@apache.org
Cc: jim@jagunet.com
Subject: Re: [VOTE] Apache OpenOffice Community Graduation Vote

Why do persist in hijacking this thread Dennis?
Read the Subject again and ask yourself why you
are pursuing this line of inquiry here again-
it's just confusing people because you're asking
for new policy to be written and adopted at the
same time other people are arguing with each other
about current policy and how it applies to AOO.

Just let this discussion die please without further
ado- you need not reply again here to acknowledge
my request.





	
________________________________

	From: Dennis E. Hamilton <orcmid@apache.org>
	To: ooo-dev@incubator.apache.org 
	Cc: jim@jagunet.com 
	Sent: Monday, August 27, 2012 1:52 PM
	Subject: RE: [VOTE] Apache OpenOffice Community Graduation Vote
	

	There is a missing distinction here.
	
	The discussion about signed binaries is not about external signatures of the kind used by
release managers and others, nor about the external digests and signatures that might be obtained
in conjunction with a download.
	
	The signing of code that I am talking about, and that others are talking about (at least
in part), has to do with embedded signatures that consumer operating systems notice and check
and that are part of the artifact.  These signatures are used (and typically required for
application certification) by Microsoft, Apple, Adobe, and others.  The requirement for them
is not decreasing.
	
	The discussion with regard to trust and the presumed reputation of the signer has merit,
but it is not satisfied by external signatures in the case of download distributions to modern
consumer platforms.
	
	- Dennis
	
	PS: I love it that when recognized authorities ask that a discussion be moved off of a particular
list and then everyone piles on that list with a vengeance.  This message is *not* being copied
to general@ i.a.o.  
	
	-----Original Message-----
	From: Joe Schaefer [mailto:joe_schaefer@yahoo.com] 
	Sent: Monday, August 27, 2012 10:07
	To: general@incubator.apache.org
	Cc: ooo-dev@incubator.apache.org
	Subject: Re: [VOTE] Apache OpenOffice Community Graduation Vote
	
	Which better agrees with written policy anyway- the sigs
	are part of the release package to be voted on and voted on
	by the PMC, so even tho it constitutes individual sigs
	those sigs (well at least the RM's sig) are PMC-approved.
	
	
	
	
	----- Original Message -----
	> From: Greg Stein <gstein@gmail.com>
	> To: general@incubator.apache.org
	> Cc: "ooo-dev@incubator.apache.org" <ooo-dev@incubator.apache.org>
	> Sent: Monday, August 27, 2012 1:03 PM
	> Subject: Re: [VOTE] Apache OpenOffice Community Graduation Vote
	> 
	> On Aug 27, 2012 9:57 AM, "Jim Jagielski" <jim@jagunet.com> 
	> wrote:
	>> ...
	>>  But recall in all this that even when the PMC releases code, it is
	>>  signed by the individual RM, and not by the PMC itself.
	> 
	> Apache Subversion releases tend to have a half-dozen signatures. Thus, I'd
	> say they are signed by the PMC. For example:
	> 
	> https://dist.apache.org/repos/dist/release/subversion/subversion-1.7.6.tar.bz2.asc
	> 
	> Cheers,
	> -g
	> 
	
	
	
	



Mime
View raw message