tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <>
Subject Re: Code signing trial - volunteers wanted
Date Wed, 18 Dec 2013 13:21:46 GMT
On 18/12/2013 13:05, Rainer Jung wrote:
> On 18.12.2013 01:24, Mark Thomas wrote:
>> The infrastructure team is about to start a trial of a code signing
>> service provided by Symantec. Tomcat is going to be the guinea pig for
>> this trial. As part of the trial we want to test the mapping of the
>> roles in the service to the roles at the ASF. We are therefore looking
>> for two volunteers. Both volunteers need to be Tomcat committers. At
>> least one of the volunteers needs to be a PMC member.
>> My outline plan at the moment is something like:
>> - Set up the test signing service
>> - Figure out how to sign our Windows installer
>> - Script the process
>> - Get volunteer one (who will have RM permissions) to do a test release
>> - Get volunteer two (who will have PMC permissions) to approve the test
>> release for signing
>> The idea is that any committer can be a release manager and upload a
>> release for signing but only a PMC member can approve the upload for
>> signing. Figuring out if that process is workable is part of the trial.
> If you like, I can try the approval step. It depends a bit on the
> infrastructure needed and during the next 2 weeks I might not always be
> available.

Thanks. I suspect things won't progress that fast any way. This is more
likely to be a task for January. There is a web based GUI and an API.
Part of the test is to figure out which works best for us but either way
the local infrastructure requirements should be minimal.



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message